Legacy
Contents
Intro
This was my first Windows box, as well as the shortest/most straightforward box out of all the ones I've done so far haha. I'll showcase why.
User and Root
Starting with nmap:
sudo nmap -sC -sV 10.129.227.181 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds Windows XP microsoft-ds Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Looks like the machine is running SMB. Given how outdated windows XP is, I thought it would be pretty reasonable to just search for a vulnerability online. Safe to say it didn't take too long to find one.
This exploit can be found in the metasploit framework:
msfconsole use exploit/windows/smb/ms08_067_netapi
The only parameters that required any change were the two LHOST and RHOSTS. Once we've changed those, the exploit can be run and we net ourselves a root shell.