HTB: "Legacy"? Tutorial

HTB: "Legacy" Tutorial

Joseph Sales Joseph Sales

Joseph Sales

Process & Technology

发布日期: 2019年12月14日
+ 关注

Tools and Resources:

nmap

metaploit

Step 1.

Scan for open ports.

No alt text provided for this image

We can see that Ports 139 and 445 are open.

We also find out that the user is using Microsoft Windows XP with Service Pack 3 (sp3)

With research, we find that Windows XP has netapi vulnerabilities: https://null-byte.wonderhowto.com/forum/exploit-windows-xp-with-netapi-vulnerability-0154447/

Step 2.

Search Metasploit for a vulnerability to run.

No alt text provided for this image

#3 . . . Rank: great

Let's try that one first. Set the rhost and run it!

No alt text provided for this image

So far so good.

Let's orient ourselves.

No alt text provided for this image

Ok, we're in!

Step 3.

Hey machine, who am I?

No alt text provided for this image

“Any man who must say, I am the king, is no true king.” - Tywin Lannister


要查看或添加评论,请登录

Joseph Sales的更多文章

  • IT Fundamentals
    2023年11月12日

    IT Fundamentals

    Infrastructure is comprised of all the technologies that support an organization’s IT activities. It can include…

  • Managing Reference Data
    2023年11月10日

    Managing Reference Data

    Reference Data Reference data is used to relate other information in a database. It standardizes how data elements are…

  • Compliance, Privacy and Regulatory Impact
    2023年11月4日

    Compliance, Privacy and Regulatory Impact

    Adhering to rules and standards are important to consider when managing and developing IT projects and applications…

  • What Is A Strategic Plan?
    2020年1月19日

    What Is A Strategic Plan?

    “Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.” ― Sun Tzu…

  • CCPA Effective 1/1/2020
    2019年12月22日

    CCPA Effective 1/1/2020

    Resource: https://leginfo.legislature.

  • HTB: "Lame" Tutorial
    2019年12月10日

    HTB: "Lame" Tutorial

    By using a username with shell meta characters, attackers can execute commands. No authentication is necessary because…

  • HackTheBox Invite Code Tutorial
    2019年12月7日

    HackTheBox Invite Code Tutorial

    HackTheBox is an online platform to test and advance your skills in penetration testing and cyber security. Join today…

  • Helpful Models for Addressing Security Concerns
    2019年11月18日

    Helpful Models for Addressing Security Concerns

    The Confidentiality, Integrity, Availability (CIA) Triad Confidentiality is the ability to protect information from…

  • Employee Motivation
    2019年8月18日

    Employee Motivation

    In the Harvard Management Update, researchers presented that motivation comes from having an enthusiasm for a job, and…

    2 条评论
  • Effective Teams
    2019年8月18日

    Effective Teams

    For any team to be effective, there are certain criteria that must be met: They must have a common purpose. They must…

社区洞察

其他会员也浏览了