Hack The Box (Legacy)
By: Nicholas Werner
nmap scan to see which ports are open and which services are running on the Legacy machine (
Ports 139 and 445 are open and they are both SMB related.
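For a defender, the same scan result is an exposure inventory. The following is an added example, not part of the original write-up: it parses nmap grepable output (-oG) and lists hosts with 139/tcp or 445/tcp in the open state. The sample scan lines, host names and addresses are constructed.

```python
SMB_PORTS = {139, 445}  # the two SMB-related ports the scan above reports

# Constructed sample of `nmap -oG` output; addresses are documentation-range placeholders.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 139/open/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///\t"
    "Ignored State: filtered (997)\n"
    "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 445/filtered/tcp//microsoft-ds///\n"
    "Host: 192.0.2.30 (files.example.test)\tPorts: 445/open/tcp//microsoft-ds///\n"
)


def parse_grepable(text):
    """Return {host: [(port, state, proto, service), ...]} from -oG output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and blanks
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue  # skip malformed entries
                hosts.setdefault(host, []).append(
                    (int(parts[0]), parts[1], parts[2], parts[4]))
    return hosts


def exposed_smb(text):
    """Map each host to its sorted list of SMB ports that are open over TCP."""
    findings = {}
    for host, ports in parse_grepable(text).items():
        hit = sorted(p for p, state, proto, _ in ports
                     if p in SMB_PORTS and state == "open" and proto == "tcp")
        if hit:
            findings[host] = hit
    return findings


if __name__ == "__main__":
    for host, ports in exposed_smb(SAMPLE).items():
        print(f"{host}: SMB reachable on {ports}; restrict at the firewall or retire the host")
```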
I ran smbclient -L to list out any files in SMB.
It did not work.
Now, I want to run msfconsole to start Metasploit.
search smb_version helps me to find out what version of SMB this machine is running.
use auxiliary/scanner/smb/smb_version allows me to enter that module that I just found.
options helps me to configure the scan. set rhosts sets the rhosts to my victim machine. Typing options again allows me to see what options I just set. exploit runs the module.
I found that the host is running Windows XP SP3 so I want to search around to see what exploits are out there.
Generally, if there is a link for Rapid7 I will use that.
I type the first line into Metasploit like above, then options, set rhosts, exploit.
It appears that the exploit was completed but no meterpreter session was created so I might want to try a different payload.
I ended up changing the lhost to (tun0) because I noticed that was not correct and I got a meterpreter session.
With getuid it looks like we already have system level privileges.
hashdump allows us to view the password hashes of each user.
shell is used to get a shell in the Windows machine. Then I start to look around to see if I can find the flag.
Commands used:
cd "Documents and Settings"
cd john
cd Desktop
Here is the flag for the user.
Here is the flag for the administrator/system.