The target of this assessment was "Blue," a specific, vulnerable-by-design virtual machine hosted on the TryHackMe platform.
All findings are from a retired, intentionally vulnerable machine created for security training and skill demonstration.
- Platform: TryHackMe (https)://tryhackme.com)
- Room: Blue
- Purpose: To demonstrate penetration testing methodology, from reconnaissance and exploitation to professional documentation.
This project documents a simulated penetration test against the TryHackMe "Blue" room. The objective was to gain privileged access to the machine by identifying and exploiting its vulnerabilities.
The assessment followed a standard penetration testing methodology:
- Reconnaissance: Enumerating the target system to identify its operating system, open ports, and running services.
- Scanning & Enumeration: Using vulnerability-specific scripts to confirm the presence of known weaknesses.
- Exploitation: Using a known exploit to gain initial access and escalate privileges.
- Reporting: Documenting all findings, providing a risk rating, and detailing remediation steps.
- Nmap: For port scanning and service/OS enumeration.
- Nmap Scripting Engine (NSE): To scan for the specific MS17-010 vulnerability.
- Metasploit Framework: To manage the exploitation and post-exploitation process.
The full, detailed findings and remediation recommendations are available in the main report file: