HackTheBox Writeup — Legacy

Hello Guys , I am Faisal Husaini. My username on HTB is “faisalelino” .

Since I got VIP Connection few days ago , I am going to solve as many retired boxes as possible and create writeups for each one of them. I hope you enjoy them and dont boast me for it :)

The IP of this box is

NMAP Results

We run NMAP Scan against the target

We see only 3 ports open here currently , Port 139 running NetBios , Port 445 running Microsoft-Ds and Port 3389 running ms-wbt server

We also got an information about the operating system here , that is Microsoft Windows XP

RDP Port Exploit Check

As we see that the Port 3389 is open , which is RDP , so we try to check whether it is exploitable or not with ms12_020 in msfconsole

We use the auxiliary/scanner/rdp/ms12_020_check

We set our options and then ran it , but unfortunately , this didnt seemed to be vulnerable , but we remember that the box is Windows XP , so there was a famous msf exploit for it


So we remember the exploit was MS08–067 NetAPI from msf , so lets try it by using this module

We are set ready and ready to exploit

Boom! We got meterpreter , let’s try to check the UID by using the getuid command

We see that we have NT Authority\SYSTEM , which means we have Administrator Access

Let’s get the user and root flags

User Flags are usually located at the Desktop Folder of the user

Before that we get the shell access using the shell command on meterpreter

Now we move on to getting the User Flag

So the user flag was located under C:\Documents and Settings\john\Desktop

Now we move on to getting the root flag which is usually located under the Desktop folder of Administrator account

So , here’s the box , this was super easy like the Lame machine which I did before this one , I hope doing more and more and complete the retired machines and also the writeups for them


Hacker | Bug Hunter | Python Coder | Gamer | Reverse Engineering Lover

Hacker | Bug Hunter | Python Coder | Gamer | Reverse Engineering Lover