Scanning and Enumeration

Scanning

kali@kali:~/HTB/Legacy$ nmap -Pn -p139,445,3389 -sC -sV 10.10.10.4
Nmap scan report for 10.10.10.4
Host is up (0.078s latency).

PORT     STATE  SERVICE       VERSION
139/tcp  open   netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open   microsoft-ds  Windows XP microsoft-ds
3389/tcp closed ms-wbt-server
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp

Host script results:
|_clock-skew: mean: -3h52m38s, deviation: 1h24m50s, median: -4h52m38s
|_nbstat: NetBIOS name: LEGACY, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:b9:c2:72 (VMware)
| smb-os-discovery: 
|   OS: Windows XP (Windows 2000 LAN Manager)
|   OS CPE: cpe:/o:microsoft:windows_xp::-
|   Computer name: legacy
|   NetBIOS computer name: LEGACY\x00
|   Workgroup: HTB\x00
|_  System time: 2020-11-18T00:33:39+02:00
| smb-security-mode: 
|   account_used: <blank>
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)
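
From a defender's point of view, the host script results above already list several hardening gaps. The following Python is an added example, not part of the original write-up: it parses that output and maps it to remediation findings. The EOL_WINDOWS list and the finding names are assumptions chosen for illustration.

```python
# Added example: triage nmap SMB host-script output for hardening gaps.
# SCAN is an excerpt of the scan output shown on this page.
SCAN = """\
Host script results:
|_nbstat: NetBIOS name: LEGACY, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:b9:c2:72 (VMware)
| smb-os-discovery: 
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Computer name: legacy
| smb-security-mode: 
|   authentication_level: user
|_  message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)
"""

# Assumption: a short, illustrative list of end-of-life Windows releases.
EOL_WINDOWS = ("Windows 2000", "Windows XP", "Windows Server 2003")


def parse_host_scripts(text):
    """Return {script: {key: value}}; a script's one-line output is stored under ''."""
    scripts, current = {}, None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue
        body = line[2:]  # drop the "| " or "|_" tree prefix
        key, _, value = body.partition(":")
        if body[:1].isspace():  # indented line: field of the current script
            if current is not None:
                scripts[current][key.strip()] = value.strip()
        else:  # new script header, possibly with inline output
            current = key.strip()
            scripts[current] = {"": value.strip()}
    return scripts


def audit(scripts):
    """Map parsed script output to (finding_id, remediation) pairs."""
    findings = []
    os_name = scripts.get("smb-os-discovery", {}).get("OS", "")
    if os_name.startswith(EOL_WINDOWS):
        findings.append(("eol-os", f"{os_name}: unsupported OS, isolate or replace"))
    signing = scripts.get("smb-security-mode", {}).get("message_signing", "")
    if signing.startswith("disabled"):
        findings.append(("smb-signing", "require SMB signing on server and clients"))
    if "negotiation failed" in scripts.get("smb2-time", {}).get("", ""):
        findings.append(("smb1-only", "no SMB2 dialect offered; host likely SMBv1-only"))
    return findings


if __name__ == "__main__":
    for fid, advice in audit(parse_host_scripts(SCAN)):
        print(f"[{fid}] {advice}")
```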

Enumeration

SMB (ports 139, 445)

  • Our point of entry appears to be SMB. SMB has had known vulnerabilities in the past, so let's check whether any are present using Nmap.

After running the Nmap scan, the results show that the box is vulnerable to:

  • CVE-2009-3103

  • CVE-2017-0143

  • CVE-2008-4250 (likely)
