Noob here,
I watched a couple of write-ups for a nudge in the right direction for Legacy.
So far I’ve nmapped this
– sudo nmap -sV -sC -A -oA 10.10.10.4 10.10.10.4
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-04 01:44 EDT
Nmap scan report for 10.10.10.4
Host is up (0.13s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows XP microsoft-ds
3389/tcp closed ms-wbt-server
Device type: general purpose|specialized
Running (JUST GUESSING): Microsoft Windows XP|2003|2000|2008 (94%), General Dynamics embedded (87%)
OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2008::sp2
Aggressive OS guesses: Microsoft Windows XP SP3 (94%), Microsoft Windows Server 2003 SP1 or SP2 (92%), Microsoft Windows XP (92%), Microsoft Windows Server 2003 SP2 (92%), Microsoft Windows 2003 SP2 (91%), Microsoft Windows 2000 SP4 (91%), Microsoft Windows XP SP2 or Windows Server 2003 (91%), Microsoft Windows Server 2003 (90%), Microsoft Windows XP Professional SP3 (90%), Microsoft Windows XP SP2 (90%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Host script results:
|clock-skew: mean: 5d00h27m49s, deviation: 2h07m16s, median: 4d22h57m49s
|nbstat: NetBIOS name: LEGACY, NetBIOS user: , NetBIOS MAC: 00:50:56:b9:62:e5 (VMware)
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| OS CPE: cpe:/o:microsoft:windows_xp::-
| Computer name: legacy
| NetBIOS computer name: LEGACY\x00
| Workgroup: HTB\x00
| System time: 2020-05-09T10:43:02+03:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
| message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)
TRACEROUTE (using port 3389/tcp)
HOP RTT ADDRESS
1 125.14 ms 10.10.14.1
2 125.26 ms 10.10.10.4
A particular write-up instructed to just google search “Windows XP microsoft-ds”
and the first result was conveniently the exploit I needed to proceed.
I’m not happy with this approach.
Nothing I tried in searchsploit produced something similar.
And I imagine this has been a thoroughly googled machine for answers.
Are there any alternatives to searching for existing exploits since searchsploit has fallen short for me here? Or do I just need to trust Google.