TryHackMe: Blue - Exploiting Windows & Eternal Blue
#Recon #Gain_Access #Escalate #Cracking #FindFlags
I am only going over Task 5: Find Flags. Through my studies, I have learned that when you have a foothold on a Windows machine, it is best practice to start at the C: Drive (Root) and start browsing around from there.
Well, I am a little lazy, so browsing around massive directories does not seem appealing to me. I would rather use my time wisely and make things easier if I can. So how do I find these flags in a system I am not familiar with? My answer: using a simple search function. We know that most flags are .txt files, so I used the command below to output all .txt files on this machine:
1) dir is the directory-listing command
2) * is used as a wildcard because I really don't know the names of the flag files, so it will pull all .txt files in C:\
3) The /s option directs a search of all folders on the hard drive
I then copied the entire output into WordPad and used CTRL-F to find the keyword "flag". With this option, I could possibly get lucky and not have to browse this machine, which would save me a lot of time. Good thing I tried this first, because I did find all three flags in this output file. I know there is an easier way than copying the output into WordPad to figure out the information needed. I will do some research later to get it to work out the way I want.
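One way to do the filtering at the prompt instead of in WordPad, as an added example that is not the author's original command: it is built from the parts listed above (dir, the * wildcard, .txt, /s) and assumes a cmd.exe shell on the target with C:\ as the search root. The /b switch and the findstr filter are additions.

```batch
@echo off
rem Added example, not the command used in the original write-up.
rem   /s  recurse into every subfolder below C:\
rem   /b  bare format: one full path per line, no headers or sizes
rem   2>nul  hide "Access is denied" / "File Not Found" noise
rem findstr /i keeps only the lines that contain "flag", ignoring case.
dir C:\*.txt /s /b 2>nul | findstr /i "flag"

rem Same search, but print the contents of every match as well.
rem Inside a .bat file the loop variable is %%F; when typing the loop
rem directly at an interactive prompt, use %F instead.
rem "delims=" keeps paths that contain spaces in one piece.
for /f "delims=" %%F in ('dir C:\*.txt /s /b 2^>nul ^| findstr /i "flag"') do (
    echo ---- %%F
    type "%%F"
)
```

Because findstr matches on the whole path, a .txt file inside a folder whose name contains "flag" is also listed.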
So armed with the directory of each flag, I simply went into them and gathered the flag content.
Flag 1: Located in the C:\
Since we are already in C:\, just run the command:
"type flag1.txt" and gather your flag
Flag 2: Located in the Windows\System32\config directory
Run the command:
"type flag2.txt" and gather your flag
Flag 3: Located in the Users\Jon\Documents directory
Run the command:
"type flag3.txt" and gather your flag
How to Search for Files from the DOS Command Prompt https://www.dummies.com/computers/operating-systems/windows-xp-vista/how-to-search-for-files-from-the-dos-command-prompt/