Today we’re going to solve another CTF machine “Legacy”. It is now retired box and can be accessible if you’re a VIP member.
- Target OS: WIndows
- Services: netbios-ssn, microsoft-ds, ms-wbt-server
- IP Address: 10.10.10.4
- Difficulty: Easy
- 445: MS08-67
- Getting user
- Getting root
As always, the first step consists of reconnaissance phase as port scanning.
During this step we’re gonna identify the target to see what we have behind the IP Address.
host port proto name state info ---- ---- ----- ---- ----- ---- 10.10.10.4 139 tcp netbios-ssn open Microsoft Windows netbios-ssn 10.10.10.4 445 tcp microsoft-ds open Windows XP microsoft-ds 10.10.10.4 3389 tcp ms-wbt-server closed
Mainly in many origination port serious from 135 to 139 are blocked in network for security reasons, therefore port 445 is used for sharing data in network. Now identify whether it is vulnerable to MS08-67 using nmap as show in given image.
nmap --script vuln -p445 10.10.10.4 -Pn
We found our host is vulnerable to MS08-67, and we can easily exploit the target…
So we’re gonna use metasploit module and exploit this vulnerability.
And we got our shell and we’re already NT Authority .
User: C:\Documents and Settings\john\Desktop\user.txt
Root: C:\Documents and Settings\Administrator\Desktop\root.txt