Hacking
  • Penetration Testing
  • Methodologies
    • Exfil
    • Manual Enumeration
    • Basic Buffer Overflow
    • Basic Internal Network test
    • Basic Mobile Testing guide
    • Basic Subdomain Enumeration guide
  • Guides
    • Build A Raspberry Pi Dropbox
    • Golang
    • Powershell / PowerView
    • PurpleSharp
  • Hack The Box last updated - 2019
    • Legacy
    • Devel
    • Optimum
    • Popcorn
    • Beep
    • Tenten
    • Arctic
    • Cronos
    • Grandpa
    • Granny
    • October
    • Lazy
    • Sneaky
    • Holiday
    • Blocky
    • Shrek
    • Blue
    • Joker
    • Europa
    • Haircut
    • Bank
    • SolidState
    • Mantis
    • Shocker
    • Tally
    • Sense
    • Jeeves
    • Stratosphere
    • Inception
    • Bashed
    • Fluxcapacitor
    • Canape
    • Rabbit
    • Chatterbox
    • Nibbles
    • Sunday
    • Aragog
    • Valentine
    • Silo
    • Olympus
    • Poison
    • Celestial
    • Waldo
    • Jerry
    • Access
    • Active
    • Netmon
  • scriptz
  • Issues
    • gists
    • Boring Issues
Powered by GitBook
On this page
  • Legacy - 10.10.10.4
  • Target Enumeration:
  • Ports / Services / Software Versions Running
  • Vulnerability Exploited:
  • Exploiting the host:
  1. Hack The Box last updated - 2019

Legacy

PreviousPurpleSharpNextDevel

Last updated 6 years ago

Legacy - 10.10.10.4

Target Enumeration:

OS: Windows

IP: 10.10.10.4

User: e69af0e4f443de7e36876fda4ec7644f

Root: 993442d258b0e0ec917cae9e695d5713

Ports / Services / Software Versions Running

139/tcp  open netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open microsoft-ds  Windows XP microsoft-ds
3389/tcp closed ms-wbt-server

Vulnerability Exploited:

MS08-067

This exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts.

Exploiting the host:

Nmap

Nmap SMB-Vuln scan:

Set msfconsole as follows:

Execute the exploit and get meterpreter shell.

Evidence

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067