I am starting a series where I go through HackTheBox virtual machines.
HackTheBox is an environment where we can exploit multiple machines and get points for them.
Legacy is a fairly simple machine. We start by doing a simple NMAP scan to determine what is on the machine.
As we can see, port 445 is using microsoft-ds which we know was vulnerable to CVE-2008-4250. If we previously did not know this information, there is a very useful NMAP script that can help us find vulnerable services.
As you can see, this nmap script has found the vulnerability in port 443 to be smb-vuln-ms08-067
Now we can fire up Metasploit and search for this exploit.
We have successfully found an exploit for this machine. Now we just need to use this exploit, and set it to our RHOST machine, then exploit it.
That was easy. Now we need to find the flags for user and own root.
user.txt is located on the desktop C:\Documents and Settings\john\Desktop and contains the hash to own the user.
In order to own root, we need to navigate to the Desktop in the administrator folder.
No one should be using Windows XP in 2018 as it contains multiple vulnerabilities that cybercriminals can take advantage of.