DEV Community

loading...

Writeup: HackTheBox Legacy - with Metasploit

artis3n profile image Ari Kalfus Originally published at blog.artis3nal.com on ・1 min read

This series will follow my exercises in HackTheBox. All published writeups are for retired HTB machines. Whether or not I use Metasploit to pwn the server will be indicated in the title.

Legacy

Machine IP: 10.10.10.4

As always, I start enumeration with AutoRecon. I see that the server is running SMB and the OS is likely Windows XP.

autorecon results

nmap results

nmap script results

Let's see what options I have in Metasploit. I'll use the MS08_67 exploit.

msf search

I configure the exploit options to target 10.10.10.4.

msf exploit

And there I have it. A root shell.

root shell

From here I can read the user and root's flags with ease (ignoring some Windows directory traversal mistakes).

user flag

root flag

Discussion (0)

pic
Editor guide