It is the second day and I am back with another write-up describing my journey of finding the flags. Since Legacy falls under the list of easy machines, it didn't take much once I had found the correct exploit. Let's jump ahead to the steps I carried out to own the flags.
Target Machine: 10.10.10.4
I started enumerating the services and their versions running on the target machine using nmap. It identified 3 services running, on port 139 [netbios-ssn], 445 [microsoft-ds] and 3389 [ms-wbt-server]. As per nmap, the box was identified as running Windows XP.

I tried to find an exploit for the RDP port but didn't have any luck. A little research on Google [SMB exploit for Windows XP] gave me a Metasploit exploit for a reverse shell. I used the same to create a reverse shell.

After getting the reverse shell, the job was to find the root as well as the user flag. I navigated to the Documents and Settings folder as it hosts the users' profiles. After navigating to the Desktop folder of Administrator, I identified the root flag. Since I was working on a Windows command shell after a long time, it took a bit of time to recall the more command to read the content of the file on the command prompt itself.

After identifying the root flag, I navigated to the user profiles, and only John looked like a user. I navigated to John's Desktop folder and found the user flag.

With these two flags, I successfully completed the Legacy box. Based on my novice experience with hacking vulnerable boxes, I understood that it becomes easier to exploit the machine because we have the Metasploit modules helping us. In real life, we would have to modify the exploit scripts, as generally these modules get detected by security products because of a regex match or an exploit signature. I am thinking of starting to study all the modules which I will be using in the exploit phase and providing my understanding of them while writing these reports. It can help more and make us understand how and what got exploited to get a reverse shell.
Till then, keep hacking [legally] the box!!