At the top of the list is “Legacy,” seemingly one of the earliest releases on HTB. It’s a straightforward Windows box, susceptible to two SMB vulnerabilities that can be easily exploited using Metasploit. I’ll demonstrate how to exploit these vulnerabilities without relying on Metasploit by generating shellcode and payloads with msfvenom, and adapting publicly available scripts to gain access. Additionally, in the post-exploitation phase, I’ll briefly explore the absence of “whoami” on XP systems.


Both of these vulnerabilities grant system-level shell access. Additionally, they each have Metasploit modules that automate the exploitation process. However, to add value and relevance for those pursuing PWK / OSCP, I’ll demonstrate how to exploit each vulnerability manually, without relying on Metasploit.


I’ll embed this shellcode into the script, replacing the default. Additionally, I’ll include a comment above it containing the msfvenom command string I used to generate it. This way, when revisiting the script in the future, I’ll have clarity on its purpose and origin.


I’ll initiate a netcat listener, then execute the exploit.
