EAkl Blog
Legacy Walkthrough


Last updated 2 years ago

Welcome all, today we will talk about one of the HackTheBox machines, "Legacy". It is rated easy and aimed at beginners. Let's take a look at the machine info.

Okay, let’s get started…

Port and Service Enumeration

The first step is to find the open ports and the services running on them, so we can pick an entry point. The basic nmap command for this is nmap -sS -sV -O <machine-ip>: -sS is a TCP SYN scan (it needs root privileges), -sV probes each open port for the service and its version, and -O attempts OS detection. Note that this scans TCP only; UDP ports need a separate -sU scan, and by default nmap only covers the 1000 most common ports, so add -p- if you want all 65535. You can read more about these options with nmap --help. From the results, we have this information:

host        port   name             service
----        ----   ----             -------
10.10.10.4  139    netbios-ssn      Microsoft Windows netbios-ssn
10.10.10.4  445    microsoft-ds     Windows XP microsoft-ds
10.10.10.4  3389   ms-wbt-server    (no version returned)

So from this we know that we have three open TCP ports, and nmap identified the service on two of them (SMB on 139 and 445, which already tells us the target is Windows XP), but returned nothing useful for 3389.
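Turning the scan into a work list is the step that gets skipped when you read results off a screenshot. The following Python is an added example (not code from the original post): it parses nmap's XML output (-oX), rebuilds the host/port/service table above, and flags the open ports for which nmap returned a service name but no product or version string, since those are the ones that need a protocol-specific fingerprint next. The embedded XML is a constructed sample that mirrors the Legacy scan results, not a real capture.

```python
"""Parse nmap -oX output into a port table and flag services with no version info.

Added example: the XML below is constructed to reproduce the walkthrough's
scan of 10.10.10.4 (ports 139/445/3389); it is not a real nmap capture.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX - 10.10.10.4">
  <host>
    <status state="up"/>
    <address addr="10.10.10.4" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139">
        <state state="open" reason="syn-ack"/>
        <service name="netbios-ssn" product="Microsoft Windows netbios-ssn" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds" product="Windows XP microsoft-ds" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="3389">
        <state state="open" reason="syn-ack"/>
        <service name="ms-wbt-server" method="table" conf="3"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="closed" reason="reset"/>
        <service name="http" method="table" conf="3"/>
      </port>
    </ports>
    <os>
      <osmatch name="Microsoft Windows XP SP3" accuracy="95"/>
    </os>
  </host>
</nmaprun>
"""

SMB_PORTS = {139, 445}  # where an SMB version scan (e.g. Metasploit smb_version) applies


def parse_open_ports(xml_text):
    """Return one dict per open port in an nmap XML report (closed/filtered ports are dropped)."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            get = (lambda k: svc.get(k, "")) if svc is not None else (lambda k: "")
            rows.append({
                "host": addr_el.get("addr"),
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "name": get("name"),
                "product": get("product"),
                "version": get("version"),
                # method="probed": a service probe answered; "table": nmap only
                # guessed the name from the port number, so trust it less.
                "probed": get("method") == "probed",
            })
    return rows


def os_guess(xml_text):
    """Return the highest-accuracy <osmatch> name, or '' if -O produced nothing."""
    best_name, best_acc = "", -1
    for m in ET.fromstring(xml_text).iter("osmatch"):
        acc = int(m.get("accuracy", "0"))
        if acc > best_acc:
            best_name, best_acc = m.get("name", ""), acc
    return best_name


def needs_version_probe(rows):
    """Open ports with a service name but no product/version: fingerprint these separately."""
    return [r for r in rows if not r["product"] and not r["version"]]


def smb_targets(rows):
    """Hosts exposing SMB, i.e. candidates for an SMB version/OS fingerprint."""
    return sorted({r["host"] for r in rows if r["port"] in SMB_PORTS})


def format_table(rows):
    """Render rows in the host/port/name/service layout used in the walkthrough."""
    lines = ["host        port   name             service",
             "----        ----   ----             -------"]
    for r in rows:
        lines.append(f"{r['host']:<11} {r['port']:<6} {r['name']:<16} {r['product']}".rstrip())
    return "\n".join(lines)


if __name__ == "__main__":
    rows = parse_open_ports(SAMPLE_NMAP_XML)
    print(format_table(rows))
    print("OS guess:", os_guess(SAMPLE_NMAP_XML))
    for r in needs_version_probe(rows):
        print(f"no version for {r['host']}:{r['port']} ({r['name']}); probe it separately")
    print("SMB hosts for a version scan:", smb_targets(rows))
```

Run it against a real report with nmap -sS -sV -O -oX scan.xml <machine-ip> and feed the file contents to parse_open_ports. The "probed" flag matters on a box like this: a service name that comes from nmap's port table rather than an actual probe response is a guess, which is exactly why the SMB version has to be confirmed with a dedicated scanner before picking an exploit.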

SMB is open, but nmap did not tell us the exact version of Windows (the service pack level), and that is what decides which exploit will work. Metasploit has an auxiliary scanner for exactly this, so start msfconsole and search for an SMB version module.

Good, we have one module here. Type use 0 to select it (the number is its index in the search results), set the options such as RHOSTS to the target IP, and then type run. This is only a scan, not an exploit, so it is safe to run before anything else.

As you can see, we now have the OS version and service pack. Next, search Metasploit for an exploit matching this version, for example with search windows xp sp3. You will get a list of modules for several CVEs; pick the one that fits your target (check the module's target list against the OS version, service pack and language the scanner reported, because SMB exploits that target the wrong build can crash the machine instead of giving you a shell). I used the module shown in the screenshot.

It opens a Meterpreter session for me. From there, shell drops into a Windows command prompt on the target over the existing session, but before doing that I want to know which account I am running as, so I type getuid first.

So we already have administrative privileges, which means there is no privilege escalation step on this machine and we can access every directory on it, as you can see.

Browse into the user profiles (on Windows XP they live under C:\Documents and Settings) and you will find the flags on the users' Desktops.

Congrats and Thank you ❤
