HTB Series #2 Legacy

It is the second day and I am back with another write-up describing my journey to find the flags. Since Legacy is rated an easy machine, it didn’t take much effort once I found the correct exploit. Let’s jump to the steps I carried out to own the flags.

Target Machine: 10.10.10.4

I started by enumerating the services and their versions running on the target machine using nmap. It identified three services: port 139 [netbios-ssn], 445 [microsoft-ds] and 3389 [ms-wbt-server]. According to nmap, the box was running Windows XP.

[Image: nmap result]
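The scan above is exactly the combination a defender wants to catch in their own inventory: SMB and RDP exposed on an end-of-life Windows XP host. As an added example (not part of the original write-up), here is a small Python parser over constructed nmap grepable (-oG) output that extracts open ports and the OS guess per host and flags that condition; the sample scan text, the second host and the port/OS lists are assumptions built for the demo.

```python
import re

# Constructed sample of nmap -oG output, modelled on the ports and OS guess the
# write-up describes for 10.10.10.4; the second host is made up as a non-match.
SAMPLE_GNMAP = """\
# Nmap 7.80 scan initiated as: nmap -sV -O -oG - 10.10.10.0/24
Host: 10.10.10.4 ()\tStatus: Up
Host: 10.10.10.4 ()\tPorts: 139/open/tcp//netbios-ssn//Microsoft Windows netbios-ssn/, 445/open/tcp//microsoft-ds//Windows XP microsoft-ds/, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (65532)\tOS: Microsoft Windows XP SP2 or SP3
Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/\tIgnored State: closed (65534)\tOS: Linux 5.4
"""

# OS fingerprints that no longer receive security updates (assumed list).
EOL_OS_PATTERNS = [r"windows xp", r"windows 2000", r"windows server 2003"]
# Services whose exposure on such a host is the real risk (assumed list).
LEGACY_EXPOSED_PORTS = {139: "netbios-ssn", 445: "microsoft-ds", 3389: "ms-wbt-server"}


def parse_gnmap(text):
    """Return {address: {"open_ports": {port: service}, "os": str|None}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                      # skip the "# Nmap ..." banner lines
        fields = [f for f in line.split("\t") if f]
        addr = fields[0].split()[1]       # "Host: 10.10.10.4 ()" -> address
        entry = hosts.setdefault(addr, {"open_ports": {}, "os": None})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Ports":
                # each entry: port/state/proto/owner/service/rpcinfo/version/
                for port_spec in value.split(", "):
                    parts = port_spec.split("/")
                    port, state, service = int(parts[0]), parts[1], parts[4]
                    if state == "open":
                        entry["open_ports"][port] = service
            elif key == "OS":
                entry["os"] = value
    return hosts


def find_legacy_exposure(hosts):
    """Flag hosts running an EOL OS with SMB/NetBIOS/RDP reachable."""
    findings = []
    for addr, info in hosts.items():
        os_name = (info["os"] or "").lower()
        eol = any(re.search(p, os_name) for p in EOL_OS_PATTERNS)
        exposed = sorted(p for p in info["open_ports"] if p in LEGACY_EXPOSED_PORTS)
        if eol and exposed:
            findings.append({"host": addr, "os": info["os"],
                             "ports": exposed, "severity": "critical"})
    return findings
```

A hit from `find_legacy_exposure` is the triage signal: the host should be isolated from the network segments that can reach those ports until it is upgraded or decommissioned.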

I tried to find an exploit for the RDP port but had no luck. A little research on Google [SMB exploit for Windows XP] turned up a Metasploit exploit that gives a reverse shell, and I used it to get one.

[Image: reverse shell obtained with the Metasploit exploit]

After getting the reverse shell, the job was to find the root and user flags. I navigated to the Documents and Settings folder, as it hosts the users’ profiles. In the Administrator’s Desktop folder I identified the root flag. Since I was working in a Windows command shell after a long time, it took me a bit to recall `more` for reading the file’s contents at the command prompt itself.

[Image: root flag]

After identifying the root flag, I looked through the user profiles; John was the only one that looked like a regular user. I navigated to his Desktop folder and found the user flag.

[Image: user flag]

With these two flags, I successfully completed the Legacy box. From my novice experience hacking vulnerable boxes, I understood that exploiting a machine becomes easier because we have the Metasploit modules to help. In a real engagement we would have to modify the exploit scripts, as these modules generally get detected by security products through regex matching or exploit signatures. I am thinking of studying every module I use in the exploitation phase and writing up my understanding of it as part of these reports. That can help more, and make us understand how and what was exploited to get a reverse shell.

Till then, keep hacking the box [legally]!!

