Legacy WriteUp | SMB Remote Code Execution
Greetings everyone,
Today, I will be conducting an in-depth analysis of an older HackTheBox machine known as “Legacy.” The relative ease of compromising this machine allows for a thorough examination of the vulnerabilities present and an exploration of the underlying causes for this security flaw.
1) Reconnaissance
Anyway, let's start with reconnaissance:
Initially, I decided to conduct a basic scan against the machine because I am dealing with a CTF. That is why making noise on the network is not a concern.
We have SMB, RPC and NetBIOS. Except for SMB, the other ones are more related to communication protocols. By default, I will first enumerate the SMB service.
In order to achieve that, I decided to conduct an enum4linux scan:
enum4linux -a 10.10.10.4
Besides, I wanted to access it by using smbclient.
However, it does not give me valuable results:
Lastly, I recognized that I had not conducted an nmap scan using service scan (-sV) + NSE vuln script + full-range port scan: