Today we’re going to solve another CTF machine, “Legacy”. It is now a retired box and can be accessed if you’re a VIP member.

Introduction

Specifications

  • Target OS: Windows
  • Services: netbios-ssn, microsoft-ds, ms-wbt-server
  • IP Address: 10.10.10.4
  • Difficulty: Easy

Weakness

  • 445: MS08-067

Contents

  • Getting user
  • Getting root

Reconnaissance

As always, the first step is the reconnaissance phase, starting with port scanning.

Port Scanning

During this step we’re gonna identify the target to see what we have behind the IP Address.

In many organizations, the port series from 135 to 139 is blocked on the network for security reasons, so port 445 is used for sharing data on the network. Now we identify whether the target is vulnerable to MS08-067 using nmap, as shown in the given image.

We found our host is vulnerable to MS08-067, and we can easily exploit the target.
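The same check matters to whoever has to patch the network. The following is an added example, not part of the original write-up: it triages nmap XML results into hosts to patch, hosts that are fine, and hosts to rescan. It assumes the scan used nmap's `smb-vuln-ms08-067` script with `-oX` output (the page shows the scan only as an image); the helper `host_xml` and every host except 10.10.10.4 are constructed for the demo.

```python
import re
import xml.etree.ElementTree as ET

SCRIPT_ID = "smb-vuln-ms08-067"  # nmap NSE script assumed to have produced the results
STATE_RE = re.compile(r"State:\s*(.+)")

def host_xml(ip, port_state, script_output=None):
    """Build one constructed <host> element shaped like `nmap -oX` output."""
    script = ""
    if script_output is not None:
        script = f'<hostscript><script id="{SCRIPT_ID}" output="{script_output}"/></hostscript>'
    return (f'<host><address addr="{ip}" addrtype="ipv4"/><ports><port protocol="tcp" '
            f'portid="445"><state state="{port_state}"/></port></ports>{script}</host>')

# Constructed sample: only 10.10.10.4 comes from the page, the other hosts are made up.
SAMPLE_XML = "<nmaprun>" + "".join([
    host_xml("10.10.10.4", "open", "VULNERABLE:&#10;  State: VULNERABLE"),
    host_xml("10.10.10.20", "open", "NOT VULNERABLE:&#10;  State: NOT VULNERABLE"),
    host_xml("10.10.10.21", "open"),       # script never reported: rescan
    host_xml("10.10.10.22", "filtered"),   # SMB not reachable: out of scope
]) + "</nmaprun>"

def triage(xml_text):
    """Map each host with 445/tcp open to 'patch', 'ok' or 'rescan'."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        state = host.find(".//port[@protocol='tcp'][@portid='445']/state")
        if addr is None or state is None or state.get("state") != "open":
            continue
        script = host.find(f".//script[@id='{SCRIPT_ID}']")
        match = STATE_RE.search(script.get("output", "")) if script is not None else None
        verdict = match.group(1).strip().upper() if match else ""
        # Compare the whole State value: a substring test for "VULNERABLE"
        # would also match "NOT VULNERABLE" and flag patched hosts.
        if verdict in ("VULNERABLE", "LIKELY VULNERABLE"):
            results[addr.get("addr")] = "patch"
        elif verdict == "NOT VULNERABLE":
            results[addr.get("addr")] = "ok"
        else:
            results[addr.get("addr")] = "rescan"
    return results

if __name__ == "__main__":
    for ip, status in triage(SAMPLE_XML).items():
        print(f"{ip:<14}{status}")
```

A host with 445 open but no script result is reported as `rescan` rather than `ok`, since a missing result says nothing about patch state.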

Exploitation

So we’re gonna use a Metasploit module to exploit this vulnerability.

Module: exploit/windows/smb/ms08_067_netapi

And we got our shell, and we’re already NT Authority.

User: C:\Documents and Settings\john\Desktop\user.txt

Root: C:\Documents and Settings\Administrator\Desktop\root.txt