Hack The Box – Legacy
After taking a break from writing blogs about hacking, I thought I'd jump back into it. This write-up is going to be covering the “Legacy” box from Hack The Box. If you haven't seen or heard about Hack The Box, I highly recommend you try it out.
I chose Legacy as it is a retired box, so that means you can do a write-up about it. I will be trying to hack all of the retired boxes and writing about my experiences.
Intelligence Gathering
Data given:
IP: 10.10.10.4
OS: Windows
I first pinged the remote host to confirm it was online. I then ran an nmap scan with the parameters below.
nmap 10.10.10.4
Knowing that ports 139 and 445 were open, I ran a more targeted scan to enumerate more about those services.
nmap -sC -sV -A -p139,445,3389 10.10.10.4
This is a much more interesting scan result. It looks to be a Windows XP or 2000 box. I assume the name of the box “Legacy” refers to the version.
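The same scan data is useful for asset inventory on networks you own. The following is an added example, not part of the original write-up: it parses nmap grepable output (-oG) and flags hosts with port 139 or 445 open whose OS guess or service banner mentions Windows XP or 2000, the end-of-life versions that MS08-067 affects. The sample scan text, the 192.0.2.x hosts and the function names are constructed for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output. Only 10.10.10.4 comes from
# the write-up; the other hosts and all banner strings are made up.
SAMPLE_OG = "\n".join([
    "# Nmap scan (constructed sample)",
    "Host: 10.10.10.4 ()\tStatus: Up",
    "Host: 10.10.10.4 ()\tPorts: 139/open/tcp//netbios-ssn//Microsoft Windows netbios-ssn/, "
    "445/open/tcp//microsoft-ds//Windows XP microsoft-ds/, 3389/closed/tcp//ms-wbt-server///"
    "\tOS: Microsoft Windows XP SP3",
    "Host: 192.0.2.20 ()\tPorts: 445/open/tcp//microsoft-ds//Windows Server 2019 microsoft-ds/"
    "\tOS: Microsoft Windows Server 2019",
    "Host: 192.0.2.30 ()\tPorts: 445/filtered/tcp//microsoft-ds///, 22/open/tcp//ssh//OpenSSH 8.9/"
    "\tOS: Linux 5.X",
])

SMB_PORTS = (139, 445)
LEGACY_OS = re.compile(r"Windows (XP|2000)\b", re.IGNORECASE)

def parse_host_line(line):
    """Return (ip, {port: (state, version)}, os_guess) for a 'Host:' line, else None."""
    if not line.startswith("Host: "):
        return None  # comment or blank line
    fields = line.rstrip("\n").split("\t")
    ip = fields[0].split()[1]
    ports, os_guess = {}, ""
    for field in fields[1:]:
        key, _, value = field.partition(": ")
        if key == "Ports":
            # Each entry is port/state/proto/owner/service/rpcinfo/version/
            for entry in value.split(", "):
                parts = entry.split("/")
                if len(parts) >= 7 and parts[0].isdigit():
                    ports[int(parts[0])] = (parts[1], parts[6])
        elif key == "OS":
            os_guess = value
    return ip, ports, os_guess

def legacy_smb_hosts(og_text):
    """List (ip, open_smb_ports, os_guess) for hosts that need patching or isolation."""
    findings = []
    for line in og_text.splitlines():
        parsed = parse_host_line(line)
        if parsed is None:
            continue
        ip, ports, os_guess = parsed
        open_smb = [p for p in SMB_PORTS if ports.get(p, ("", ""))[0] == "open"]
        # Use both the OS guess and the SMB banners, since either may be missing.
        evidence = " ".join([os_guess] + [ports[p][1] for p in open_smb])
        if open_smb and LEGACY_OS.search(evidence):
            findings.append((ip, open_smb, os_guess))
    return findings
```

Hosts that show up in the result are candidates for patching, network isolation or retirement.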
Vulnerability Analysis
I did a quick search with searchsploit for “Windows 2000” and noticed this result.
Exploitation
I fired up metasploit and loaded the module for MS08-067.
I set the target to the remote host and to verify that it was actually vulnerable, I used the “check” command in metasploit.
Sweet! Let's exploit now!
Awesome, it worked!
Post Exploitation
Next goal is to get the flags for both the user and root (Administrator in this case). Both flags are on each user's desktop. To do this, I'll drop into a shell session on the host. I need to see if I can get the flags without having to do any sort of privesc.
I was able to grab the user flag without having to do any sort of privesc. Now, let's try the same thing for the Administrator account.
Alright! That wasn't bad at all. On to the next one!
Conclusion
This was a very easy lab that had us use MS08-067 on a Windows XP computer. I didn't use any outside resources on this one, besides searchsploit, which can be found here. Looking forward to the next one!