Legacy — HTB Walkthrough

Subashri
Nov 24, 2020

This is my next write-up, detailing my experience doing penetration testing with Hack The Box. Legacy is yet another retired Windows machine with SMB vulnerabilities, which we try to exploit using Metasploit by generating payloads and shellcode. The IP address of the machine is 10.10.10.4.

The first step is reconnaissance, done by performing an nmap scan that shows us the open ports, which may include vulnerable ones.

Here we learn that the Windows XP machine has port 445 open and is vulnerable over the SMB protocol.

We double-check this SMB vulnerability using an nmap script.

To our surprise, we find that the machine is vulnerable to the MS08-067 exploit.
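The same scan result is what a defender triages across an inventory. The sketch below is an added example, not part of the original write-up: it parses nmap XML (`-oX`) output and reports, per host, whether 445/tcp is open and whether the `smb-vuln-ms08-067` script reported a vulnerable state. The script name is an assumption (the write-up does not say which script was used), and the XML sample and its `ID-PLACEHOLDER` key are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed sample of `nmap -oX` output; not taken from the write-up.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="10.10.10.4" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="139"><state state="open"/></port>
      <port protocol="tcp" portid="445"><state state="open"/></port>
    </ports>
    <hostscript>
      <script id="smb-vuln-ms08-067" output="VULNERABLE: ...">
        <table key="ID-PLACEHOLDER">
          <elem key="state">VULNERABLE</elem>
        </table>
      </script>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="filtered"/></port></ports>
  </host>
</nmaprun>"""

def triage_smb(xml_text, script_id="smb-vuln-ms08-067"):
    """Return {ip: {"smb_open": bool, "vulnerable": bool}} for each scanned host."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        # Only ports whose <state> is "open" count; "filtered" or "closed" do not.
        open_ports = {p.get("portid") for p in host.iter("port")
                      if p.find("state") is not None
                      and p.find("state").get("state") == "open"}
        # Collect every structured "state" value reported by the chosen script.
        states = [(e.text or "").strip().upper()
                  for s in host.iter("script") if s.get("id") == script_id
                  for e in s.iter("elem") if e.get("key") == "state"]
        # Prefix match so that "NOT VULNERABLE" is never counted as a finding.
        vulnerable = any(st.startswith(("VULNERABLE", "LIKELY VULNERABLE")) for st in states)
        findings[addr.get("addr")] = {"smb_open": "445" in open_ports,
                                      "vulnerable": vulnerable}
    return findings

if __name__ == "__main__":
    for ip, result in triage_smb(SAMPLE_XML).items():
        print(ip, result)
```

Hosts that come back with both flags set are the ones to patch or isolate first; hosts with SMB open but no script result still need a manual check.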

To perform this exploit, we then start msfconsole for the Metasploit Framework and use the module for exploiting the target machine.

We then set the options, such as the listening host and port, and the same for the target machine.

Then the shell opens, and we use it to get inside and access the machine.

Since it was a huge file system, I tried locating the file directly, which initially failed.

Then I navigated through the directories for ease of working, and we find the name John, who may be a user, and navigate into it to check for files.

Yes!! We have got the user file, from which we obtain the user hash value.

Then we escalate privileges from the user to the administrator by navigating between folders. And lastly, we find the root file as well.

Yes... We have got the root hash value as well.

Hurray!!! The machine is pwned!!!
