Hack The Box — Legacy

Welcome all, today we will take about one of HackTheBox machines “Legacy” is easy and it’s for beginners, let’s take a look at machines info

Okay, let’s get started…

DNS Enumeration

The first step is to know what’s open ports and the service which running on it to try to take any entry point from here so the basic usage of nmap is nmap -sS -sV -O <machine-ip> it will return the system version and the OS details and it will work only for tcp not udp ports, you can know more about these options form nmap --help From the results we have these informations

host        port   name             service
---- ---- ---- ----
10.10.10.4 139 netbios-ssn Microsoft Windows netbios-ssn
10.10.10.4 445 microsoft-ds Windows XP microsoft-ds
10.10.10.4 3389 ms-wbt-server

So from these infos we know that we have 3 ports are open and 2 services running.

We have SMB port is open so we will try to know the version of it because it doesn’t returned with the results, so we will use metasploit modules to search about any module which perform this task

Good we have one module here, type use 0 to use it and then set the options like RHOSTS and so on and then run to start exploitation

As you can see we have the version now, let’s search about CVE for this version by metasploit also by typing search windows xp sp3 and you will find a bunch of CVE’s so choose any one of them which will be suitable to your machine and try to exploit using it, I have used the module which you see in this photo

It opens meterpreter session for me, so I’ll type shell to open reverse shell but before doing this I need to know the privileges of my account, so I will type getuid to know

So now we are admin and have permission to access all the machine’s directories as you can see

After accessing these directories you will find the flags

Congrats and Thank you ❤

Stay in touch

LinkedIn | GitHub | Twitter

Offensive Security Enthusiast