The gMan nixWiki

Because the mind is made of Teflon...

User Tools

Site Tools

You are here: start » hack_htb_legacy
hack_htb_legacy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
hack_htb_legacy [2020/11/07 00:23] gmanhack_htb_legacy [2022/09/24 18:19] (current) – removed gman
Line 1: Line 1:
-====== HTB: Legacy ====== 
- 
-IP: 10.10.10.4 
-Me: 10.10.14.25 
- 
-===== Scan ===== 
- 
-**Note:** masscan found a udp port that nmap did not. Remember to scan UDP! 
-  * I later ran nmap to scan UDP (-sU) and found it (it just take forever). 
-  * Syntax: ''nmap -sU -p137 10.10.10.4'' 
- 
-==== masscan ==== 
- 
-Scan Syntax: 
-<code> 
-masscan 10.10.10.4 -p1-65535,U:1-65535 --rate=1000 -e tun0 
-# -p1-65535,U:1-65535 # scan all TCP/UDP ports 
-# --rate=1000         # scan rate = 1000 packets per second 
-# -e tun0             # listen on the VPN network interface for responses 
-</code> 
- 
-Results: 
-<code> 
-Starting masscan 1.0.5 (http://bit.ly/14GZzcT) at 2020-09-20 23:05:00 GMT 
- -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth 
-Initiating SYN Stealth Scan 
-Scanning 1 hosts [131070 ports/host] 
-Discovered open port 445/tcp on 10.10.10.4 
-Discovered open port 137/udp on 10.10.10.4 
-Discovered open port 139/tcp on 10.10.10.4 
-rate:  0.00-kpps, 100.00% done, waiting -308-secs, found=2 
-</code> 
- 
-==== nmap ==== 
- 
-First:  
- 
-<code> 
-root@kali:~# nmap -T4 -p- 10.10.10.4 
-Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-20 17:51 CDT 
-Nmap scan report for 10.10.10.4 
-Host is up (0.037s latency). 
-Not shown: 65532 filtered ports 
- 
-PORT     STATE  SERVICE 
-139/tcp  open   netbios-ssn 
-445/tcp  open   microsoft-ds 
-3389/tcp closed ms-wbt-server 
-</code> 
- 
-Second:  
- 
-<code> 
-root@kali:~# nmap -T4 -A -p139,445,3389 10.10.10.4 
-Starting Nmap 7.80 ( https://nmap.org ) at 2020-09-20 17:54 CDT 
-Nmap scan report for 10.10.10.4 
-Host is up (0.037s latency). 
- 
-PORT     STATE  SERVICE       VERSION 
-139/tcp  open   netbios-ssn   Microsoft Windows netbios-ssn 
-445/tcp  open   microsoft-ds  Windows XP microsoft-ds 
-3389/tcp closed ms-wbt-server 
-Device type: general purpose|specialized 
-Running (JUST GUESSING): Microsoft Windows 2000|XP|2003|2008 (92%), General Dynamics embedded (87%) 
-OS CPE: cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003 cpe:/o:microsoft:windows_server_2008::sp2 
-Aggressive OS guesses: Microsoft Windows 2000 SP4 or Windows XP SP2 or SP3 (92%), Microsoft Windows XP SP2 (92%), Microsoft Windows XP SP2 or Windows Small Business Server 2003 (91%), Microsoft Windows Server 2003 (90%), Microsoft Windows 2000 SP4 (90%), Microsoft Windows XP Professional SP3 (90%), Microsoft Windows XP SP2 or SP3 (90%), Microsoft Windows XP SP3 (90%), Microsoft Windows XP SP2 or Windows Server 2003 (90%), Microsoft Windows 2000 Server (89%) 
-No exact OS matches for host (test conditions non-ideal). 
-Network Distance: 2 hops 
-Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp 
- 
-Host script results: 
-|_clock-skew: mean: -4h27m04s, deviation: 2h07m16s, median: -5h57m04s 
-|_nbstat: NetBIOS name: LEGACY, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:b9:6c:76 (VMware) 
-| smb-os-discovery:  
-|   OS: Windows XP (Windows 2000 LAN Manager) 
-|   OS CPE: cpe:/o:microsoft:windows_xp::- 
-|   Computer name: legacy 
-|   NetBIOS computer name: LEGACY\x00 
-|   Workgroup: HTB\x00 
-|_  System time: 2020-09-20T22:57:48+03:00 
-| smb-security-mode:  
-|   account_used: <blank> 
-|   authentication_level: user 
-|   challenge_response: supported 
-|_  message_signing: disabled (dangerous, but default) 
-|_smb2-time: Protocol negotiation failed (SMB2) 
- 
-TRACEROUTE (using port 3389/tcp) 
-HOP RTT      ADDRESS 
-1   36.83 ms 10.10.14.1 
-2   37.15 ms 10.10.10.4 
- 
-OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . 
-Nmap done: 1 IP address (1 host up) scanned in 61.96 seconds 
-</code> 
- 
-==== MetaSploit ==== 
- 
-This took forever but I let it run anyway... 
-  * I actually finished hacking into the box by the time this finished. 
- 
-<code> 
-Module options (auxiliary/scanner/portscan/syn): 
- 
-   Name       Current Setting  Required  Description 
-   ----       ---------------  --------  ----------- 
-   BATCHSIZE  256              yes       The number of hosts to scan per set 
-   DELAY      0                yes       The delay between connections, per thread, in milliseconds 
-   INTERFACE                   no        The name of the interface 
-   JITTER                    yes       The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds. 
-   PORTS      1-65535          yes       Ports to scan (e.g. 22-25,80,110-900) 
-   RHOSTS     10.10.10.4       yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>' 
-   SNAPLEN    65535            yes       The number of bytes to capture 
-   THREADS    100              yes       The number of concurrent threads (max one per host) 
-   TIMEOUT    500              yes       The reply read timeout in milliseconds 
- 
-msf5 auxiliary(scanner/portscan/syn) > run 
- 
-</code> 
- 
-===== Enumerate ===== 
- 
- 
-===== Exploit ===== 
- 
- 
-===== Post-Ex Enum ===== 
- 
  
hack_htb_legacy.1604708631.txt.gz · Last modified: by gman