Hack The Box – Legacy

After taking a break from writing blogs about hacking, I thought I'd jump back into it. This write up is going to be covering the “Legacy” box from Hack The Box. If you haven't seen or heard about Hack The Box, I highly recommend you try it out.

I chose Legacy as it is a retired box, so that means you can do a write up about it. I will be trying to hack all of the retired boxes and writing about my experiences.  

Intelligence Gathering

Data given:
IP: 10.10.10.4
OS: Windows

I first pinged the remote host to confirm it was online. I then ran an nmap scan with the parameters below.

    nmap 10.10.10.4

Knowing that ports 139 and 445 were open, I ran a more targeted scan to enumerate more about those services.

    nmap -sC -sV -A -p139,445,3389 10.10.10.4

This is a much more interesting scan result. It looks to be a Windows XP or 2000 box. I assume the name of the box “Legacy” refers to the version.
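For the defender's side of the scan above, this added example (not part of the original write-up) parses nmap XML output (`-oX`) and lists hosts that both expose SMB on 139/445 and fingerprint as an end-of-life Windows release. The sample XML, the second host, the `LEGACY_MARKERS` list and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's XML (-oX) layout; not output from the original scan.
SAMPLE_XML = """<nmaprun>
  <host><address addr="10.10.10.4" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP3" accuracy="96"/></os>
  </host>
  <host><address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows Server 2019" accuracy="95"/></os>
  </host>
</nmaprun>"""

SMB_PORTS = {"139", "445"}
# Assumed list of end-of-life OS name fragments; extend it for your own estate.
LEGACY_MARKERS = ("windows xp", "windows 2000", "windows server 2003")

def legacy_smb_hosts(xml_text):
    """Return [(ip, os_name, [open SMB ports])] for EOL Windows hosts exposing SMB."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_smb = sorted(
            p.get("portid") for p in host.iter("port")
            if p.get("portid") in SMB_PORTS
            and p.find("state[@state='open']") is not None
        )
        os_names = [m.get("name", "") for m in host.iter("osmatch")]
        legacy = next((n for n in os_names if any(k in n.lower() for k in LEGACY_MARKERS)), None)
        if open_smb and legacy:
            findings.append((addr.get("addr"), legacy, open_smb))
    return findings

if __name__ == "__main__":
    for ip, os_name, ports in legacy_smb_hosts(SAMPLE_XML):
        print(f"{ip}: {os_name} exposes SMB on {', '.join(ports)}")
```

Hosts it reports are candidates for patching, isolation or retirement, since releases of that age no longer receive security updates.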

 

Vulnerability Analysis

I did a quick search with searchsploit for “Windows 2000” and noticed this result.

 

Exploitation

I fired up Metasploit and loaded the module for MS08-067.

I set the target to the remote host and, to verify that it was actually vulnerable, I used the “check” command in Metasploit.

Sweet! Let's exploit now!

Awesome, it worked!

 

Post Exploitation

Next goal is to get the flags for both the user and root (Administrator in this case). Both flags are on each user's desktop. To do this, I'll drop into a shell session on the host. I need to see if I can get the flags without having to do any sort of privesc.

I was able to grab the user flag without having to do any sort of privesc. Now, let's try the same thing for the Administrator account.

Alright! That wasn't bad at all. On to the next one!

 

Conclusion

This was a very easy lab that had us use MS08-067 on a Windows XP computer. I didn't use any outside resources on this one, besides searchsploit, which can be found here. Looking forward to the next one!