
[Hack the box] Legacy write-up

Hi friends,

I've just finished the Legacy box on Hack The Box, and it's retired, so I would like to write down my solution. First, I have to say that I'm totally new to pentesting and CTF playing. That's why I took a look at the Hack The Box labs to find the easiest boxes to start with, and I found 4 boxes: Legacy, Blue, Lame and Jerry.

I just picked the Legacy box randomly and started with nmap scanning: "nmap -p 1-63335 -T4 -A -v 10.10.10.4" and found that we had 3 open ports: 139, 445, 3389.

Then, I kept using nmap to check if there were any vulnerabilities on port 445: "nmap --script vuln -p445 10.10.10.4" and got the MS08-067 (CVE-2008-4250) vulnerability.

Now, I could use Metasploit to exploit the above bug: "use exploit/windows/smb/ms08_067_netapi". You might need to set the rhost option before running the exploit. After that, we will have the shell and we could find the needed flags in the Desktop folders of the Administrator and john users.
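For anyone running the same "--script vuln" check against their own network, the sketch below is an added example (not part of the original write-up) that triages nmap's XML report (-oX) into a patch list by reading each finding's state field instead of searching for the word "VULNERABLE", which would also match "NOT VULNERABLE". The XML is a constructed, simplified sample; the second host 10.10.10.99 and the function name vulnerable_findings are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample of `nmap --script vuln -p445 -oX -` output.
# 10.10.10.99 is a made-up second host used to show the negative case.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="10.10.10.4" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-ms08-067" output="VULNERABLE">
        <table key="CVE-2008-4250">
          <elem key="state">VULNERABLE</elem>
          <table key="ids"><elem>CVE:CVE-2008-4250</elem></table>
        </table>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="10.10.10.99" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-ms08-067" output="NOT VULNERABLE">
        <table key="CVE-2008-4250">
          <elem key="state">NOT VULNERABLE</elem>
        </table>
      </script>
    </hostscript>
  </host>
</nmaprun>"""

# State prefixes that mean the host needs attention.
POSITIVE_PREFIXES = ("VULNERABLE", "LIKELY VULNERABLE")

def vulnerable_findings(xml_text):
    """Return sorted (address, script id, state, [ids]) for positive findings."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for script in host.iter("script"):
            for table in script.iter("table"):
                # Only direct children are checked, so nested "ids" tables are skipped.
                state = table.findtext("elem[@key='state']")
                if state and state.strip().startswith(POSITIVE_PREFIXES):
                    ids = [e.text for e in table.findall("table[@key='ids']/elem")]
                    findings.append((addr, script.get("id"), state.strip(), ids))
    return sorted(findings)

if __name__ == "__main__":
    for addr, script_id, state, ids in vulnerable_findings(SAMPLE_XML):
        print(f"{addr}: {script_id} -> {state} {ids}")
```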

Happy hacking and see you guys later!
