Retired Legacy Box

I got a shell on the system, but cannot find the flag ^^
The Documents and Settings folder is empty, even after reset and server switch. Any suggestions?
Thanks

Desktop

Or try
dir /a /r
?

Solved it :) I didn’t escape the space ^^

meterpreter > cd Documents and Settings 
[-] stdapi_fs_chdir: Operation failed: The system cannot find the file specified.
meterpreter > cd "Documents and Settings"

and then User/Desktop was correct.

Thx 3mrgnc3

Not seeing any flag anywhere lol. Dropped to a shell from meterpreter:

C:\Documents and Settings\Administrator>cd Desktop
cd Desktop

C:\Documents and Settings\Administrator\Desktop>dir
dir
 Volume in drive C has no label.
 Volume Serial Number is 54BF-723B

 Directory of C:\Documents and Settings\Administrator\Desktop

28/05/2019  03:50     <DIR>          .
28/05/2019  03:50     <DIR>          ..
               0 File(s)              0 bytes
               2 Dir(s)   6.400.901.120 bytes free

C:\Documents and Settings\Administrator\Desktop>

Edit: looks like someone had messed with the box… lol

Old forum, but there's something I want to know

First thing I did when I got meterpreter was hashdump. Got all hashes, put them into hashcat with rockyou.txt and it kept on going to 100% with status “exhausted” - they were NTLM hashes, right? Why did it not crack any?

Old box, but as I was trying to exploit it via the MS08-067 code from EDB, my initial attempts did not work (I chose XP SP0/SP1). Every time I ran the exploit, the service probably just crashed and I had to reset the machine. I then turned to metasploit which correctly detected the OS to be XP SP3, ran the exploit for the correct OS version, and successfully got me an admin shell.

My question is: If I wanted to run the EDB exploit successfully, I need to detect the correct OS version beforehand. The nmap scripts don’t work - they only go as far as suggesting that the OS is XP, and not the service pack number. Are there other tools (non-metasploit) that fingerprint the OS more reliably?