Hackthebox.eu - Retired - Legacy Recon I've been using Threader3000 for my recons can lately. I like the quick threaded up/down scan and the automated nmap scan. I like to convert the xml output of nmap to HTML to make it easier for me to read xsltproc legacy.htb.xml -o ../legacy.htb.html So it look like just two ports open Port 139 SMB Port 445 SMB Just smb but we can also see from the nmap output that its likely as windows XP box So it's just a windows xp box with smb exposed. I tried to use smbclient to see what shares were being shared. I kept getting a timeout so I assume no shares are open to anonymous access. What to do now? Well how about we just google " Windows XP SMB Exploit" Here is the first result https://ivanitlearning.wordpress.com/2019/02/24/exploiting-ms17-010-without-metasploit-win-xp-sp3/ MS-17-010 is also known as eternal blue. This is kind of an infamous vulnerability, not only because it was very effective, but because it appears
@circusmonkey404 on the twitters; DM for contact