kali@kali:~/HTB/Legacy$ nmap -Pn -p139,445,3389 -sC -sV 10.10.10.4
Nmap scan report for 10.10.10.4
Host is up (0.078s latency).
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows XP microsoft-ds
3389/tcp closed ms-wbt-server
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Host script results:
|_clock-skew: mean: -3h52m38s, deviation: 1h24m50s, median: -4h52m38s
|_nbstat: NetBIOS name: LEGACY, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:b9:c2:72 (VMware)
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| OS CPE: cpe:/o:microsoft:windows_xp::-
| Computer name: legacy
| NetBIOS computer name: LEGACY\x00
| Workgroup: HTB\x00
|_ System time: 2020-11-18T00:33:39+02:00
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)
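The host-script results above already contain three hardening findings before any vulnerability script is run. The following is an added example, not part of the original write-up: a small parser that turns that output into a defensive checklist. The names parse_host_scripts and triage are made up for this example, and the sample is a subset of the lines above.

```python
import re

# Constructed sample: a subset of the host-script lines from the scan above.
SAMPLE = """\
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| OS CPE: cpe:/o:microsoft:windows_xp::-
|_ System time: 2020-11-18T00:33:39+02:00
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
|_ message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)
"""

def parse_host_scripts(text):
    """Return {script: {key: value}}; one-line results are stored under key ''."""
    scripts, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^\|(_?)\s*(.*)$", line)
        if not m:
            continue                      # not a script-result line
        key, _, value = m.group(2).partition(":")
        key, value = key.strip(), value.strip()
        if current is None and value:     # e.g. "|_smb2-time: ..."
            scripts[key] = {"": value}
        elif not value:                   # "| smb-os-discovery:" opens a block
            current = key
            scripts[current] = {}
        else:
            scripts[current][key] = value
            if m.group(1):                # "|_" closes the block
                current = None
    return scripts

def triage(scripts):
    """Map parsed results to hardening findings for the host owner."""
    findings = []
    mode = scripts.get("smb-security-mode", {})
    if mode.get("message_signing", "").startswith("disabled"):
        findings.append("SMB signing disabled: enable and require signing")
    if "negotiation failed" in scripts.get("smb2-time", {}).get("", ""):
        findings.append("SMB2 not negotiated: host appears SMBv1-only; isolate or retire")
    cpe = scripts.get("smb-os-discovery", {}).get("OS CPE", "")
    if "windows_xp" in cpe or "windows_2000" in cpe:
        findings.append("End-of-life OS (%s): no security updates" % cpe)
    return findings

if __name__ == "__main__":
    for finding in triage(parse_host_scripts(SAMPLE)):
        print("[!]", finding)
```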
Enumeration
SMB ports 139 and 445
It appears that our point of entry is going to be SMB. SMB has had known vulnerabilities in the past, so let's check whether this host is affected by any of them using Nmap:
nmap -Pn --script "smb-vuln*" -p 139,445 10.10.10.4
After running the nmap scan, the results show us that the box is vulnerable to