HTB - Legacy Writeup


Initial Enumeration

1. Nmap Scanning

Starting with a scan of the target IP address:

nmap -sC -sV -oA legacy.nmap <target-ip>

Based on the output of the nmap scan, we can see that the SMB port is open and the operating system is Windows XP.


2. SMB Exploits

Now that we know the OS is Windows XP and SMB is open, let's do a quick Google search. One of the first exploits we see is named “CVE-2008-4250”, and there looks to be a Metasploit module for it. Let's give that a try.

More information on CVE-2008-4250

User flag is at C:\Documents and Settings\john\Desktop\user.txt

Root flag is at C:\Documents and Settings\Administrator\Desktop\root.txt