Sunday, February 3, 2019

Legacy


LEGACY

- Layout for this exercise:





1 - INTRODUCTION

The goal of this exercise is to develop a hacking process for the vulnerable machine Legacy, which is a retired machine from the Hack The Box pentesting platform:

https://www.hackthebox.eu


2 - ENUMERATION

- Legacy's IP is 10.10.10.4:




- Scanning with Nmap, we learn that a Windows XP system is running the SMB service on ports 139 and 445:




- Scanning those two ports in more depth:





- Looking for vulnerabilities on port 139:




- Looking for vulnerabilities on port 445:



- To sum it up, we have discovered these potential vulnerabilities:

  • CVE-2008-4250
  • CVE-2017-0143
  • CVE-2009-3103
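As an added example (not part of the original write-up), the same enumeration result turned into a defender's inventory check: it parses Nmap grepable (-oG) output, which here is a constructed sample modelled on the Legacy scan, and flags any host that exposes SMB on 139/445 while fingerprinting as Windows XP, attaching the three CVE identifiers from the summary above so the host can be isolated or decommissioned. The sample data, the host 10.10.10.5 and the field layout are assumptions for illustration.

```python
import re

# Constructed sample of Nmap grepable (-oG) output, modelled on the scan described
# in the write-up (Windows XP host with SMB on 139 and 445) plus one non-XP host.
SAMPLE_GNMAP = """\
# Nmap scan (constructed sample, not real output)
Host: 10.10.10.4 ()\tStatus: Up
Host: 10.10.10.4 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows XP SP2 or SP3
Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///\tOS: Linux 4.X
"""

SMB_PORTS = {139, 445}
# CVE identifiers exactly as listed in the enumeration summary of the write-up.
LEGACY_SMB_CVES = ("CVE-2008-4250", "CVE-2017-0143", "CVE-2009-3103")

PORT_RE = re.compile(r"(\d+)/open/tcp")


def parse_gnmap(text):
    """Return {ip: {"ports": set of open TCP ports, "os": OS fingerprint string}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        ip = line.split()[1]
        entry = hosts.setdefault(ip, {"ports": set(), "os": ""})
        for field in line.split("\t"):           # -oG separates fields with tabs
            if field.startswith("Ports:"):
                entry["ports"].update(int(p) for p in PORT_RE.findall(field))
            elif field.startswith("OS:"):
                entry["os"] = field[len("OS:"):].strip()
    return hosts


def flag_legacy_smb(hosts):
    """Flag hosts exposing SMB whose OS fingerprint is Windows XP (end-of-life, unpatchable)."""
    findings = []
    for ip, info in sorted(hosts.items()):
        smb_open = sorted(info["ports"] & SMB_PORTS)
        if smb_open and "windows xp" in info["os"].lower():
            findings.append({
                "host": ip,
                "smb_ports": smb_open,
                "os": info["os"],
                "cves": LEGACY_SMB_CVES,
                "action": "isolate or decommission; unsupported OS exposing SMB",
            })
    return findings


if __name__ == "__main__":
    for f in flag_legacy_smb(parse_gnmap(SAMPLE_GNMAP)):
        print(f"{f['host']} ({f['os']}) SMB on {f['smb_ports']}: {', '.join(f['cves'])} -> {f['action']}")
```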



3 - EXPLOITATION


- There are several Metasploit modules associated with these vulnerabilities.

- For instance, ms08_067_netapi is able to exploit CVE-2008-4250:









- Launching Metasploit and selecting the module ms08_067_netapi:








- Once we have a SYSTEM-privileged Meterpreter session, it is easy to spawn a shell:






4 - CAPTURING THE FLAGS

- Reading user.txt:





- Reading root.txt: