Having very frustrating problems with several boxes in relation to this issue, but right now I am working with the retired box Legacy.
I am able to ping the box, and am able to run nmap against it. I have connectivity.
I run into issues when trying to exploit the box. Legacy is vulnerable to both ms17_010 and ms_08_067_netapi. After not having any luck using metasploit and getting a session, I looked up several writeups for this box and followed them to the letter; I still can’t get a session. I followed this writeup Hack The Box | “Legacy” Writeup – Esseum Tech. Upon exploitation I get:
msf5 exploit(windows/smb/ms08_067_netapi) > exploit
[] Started reverse TCP handler on 10.10.14.39:4949
[-] 10.10.10.4:445 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (10.10.10.4:445).
[] Exploit completed, but no session was created.
or with MS17
msf5 exploit(windows/smb/ms17_010_psexec) > exploit
[] Started reverse TCP handler on 10.10.14.39:4444
[-] 10.10.10.4:445 - Rex::ConnectionTimeout: The connection timed out (10.10.10.4:445).
[] Exploit completed, but no session was created.
I also tried a manual exploit for ms17_010 per this page: Hack The Box — Legacy: Penetration Testing without Metasploit | by SimonSays | Medium using the send_and_receive.py exploit and its dependencies from Github. I have impacket installed and ran it in python 3 and ended up with an error in one of the impacket files referencing a socket timeout which smells of the same issue I am having in metasploit.
running ‘ufw status’ returns that ufw is inactive.
I have tried generating a new connection pack and downloading and using that.
metasploit v5.0.87-dev
Kali 2020.2
Can anyone advise on what is going on here? It’s bizarre to me that I can reach the box (10.10.10.4) via ping and nmap but exploitation is having connectivity issues.