Legacy Walkthrough
Welcome all, today we will take about one of HackTheBox machines “Legacy” which is easy, and it’s for beginners, let’s take a look at the machines info
Okay, let’s get started…
DNS Enumeration
The first step is to know what open ports and the service running on them to try to take any entry point from here so the basic usage of nmap
is nmap -sS -sV -O <machine-ip>
it will return the system version and the OS details, and it will work only for tcp
not udp
ports, you can know more about these options form nmap --help
From the results, we have this information
So from this info we know that we have 3 ports open and 2 services running.
We have SMB
the port is open so we will try to know the version of it because it doesn’t return with the results, so we will use metasploit
modules to search for any module which performs this task
Good we have one module here, type use 0
to use it and then set options like RHOSTS
and so on and then run
to start exploitation
As you can see we have the version now, let’s search for CVE for this version by metasploit
also by typing search windows xp sp3
and you will find a bunch of CVE so choose any one of them which will be suitable to your machine and try to exploit using it, I have used the module which you see in this photo
It opens meterpreter
a session for me, so I’ll type shell
to open a reverse shell but before doing this I need to know the privileges of my account, so I will type getuid
to know
So now we are admin and have permission to access all the machine’s directories as you can see
After accessing these directories, you will find the flags
Congrats and Thank you ❤
Last updated