DEV Community

Ari Kalfus
Ari Kalfus

Posted on • Originally published at blog.artis3nal.com on

Writeup: HackTheBox Legacy - with Metasploit

#pentest #hacking

This series will follow my exercises in HackTheBox. All published writeups are for retired HTB machines. Whether or not I use Metasploit to pwn the server will be indicated in the title.

Legacy

Machine IP: 10.10.10.4

As always, I start enumeration with AutoRecon. I see that the server is running SMB and the OS is likely Windows XP.

autorecon results

nmap results

nmap script results

Let's see what options I have in Metasploit. I'll use the MS08_67 exploit.

msf search

I configure the exploit options to target 10.10.10.4.

msf exploit

And there I have it. A root shell.

root shell

From here I can read the user and root's flags with ease (ignoring some Windows directory traversal mistakes).

user flag

root flag

Top comments (0)

Read next

dumebii profile image

DevTools Startup Ideas: Build an AI-Powered Chatbot Using Claude And React

Dumebi Okolo -

akshat0610 profile image

Day 1 SQL Series || Introduction to SQL

Akshat Sharma -

jasmeet7015 profile image

Should You Customize Your Resume for Every Job? Here's What I Learned After Applying to 100 Roles

Jasmeet Singh -

atimin profile image

Keeping MQTT Data History with Node.js

Alexey Timin -