Legacy

Legacy is a fairly straightforward beginner-level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available exploit is required to obtain administrator access.

We start off with an Nmap scan.

Ports 135, 129, and 445 are open. We are going to want to locate vulnerabilities related to SMB.

Using Nmap to scan for SMB vulnerabilities, we come across two different CVEs that we can test against.

For this lab, we are going to attempt to exploit CVE-2008-4250:

https://nvd.nist.gov/vuln/detail/CVE-2008-4250
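
On the defensive side, the same kind of scan result can be turned into a patch list. The following is an added example, not part of the original write-up: it parses Nmap XML output and lists hosts that an smb-vuln-* script flagged, with the CVE IDs reported. The sample XML, the addresses, and the function name are constructed for illustration; smb-vuln-ms08-067 is Nmap's check for CVE-2008-4250.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output; addresses are placeholders.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-ms08-067" output="&#xa;  VULNERABLE:&#xa;  Microsoft Windows system vulnerable to remote code execution (MS08-067)&#xa;    State: VULNERABLE&#xa;    IDs:  CVE:CVE-2008-4250&#xa;"/>
    </hostscript>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-vuln-ms08-067" output="&#xa;  NOT VULNERABLE:&#xa;    State: NOT VULNERABLE&#xa;    IDs:  CVE:CVE-2008-4250&#xa;"/>
      <script id="smb-os-discovery" output="&#xa;  OS: constructed sample"/>
    </hostscript>
  </host>
</nmaprun>"""

STATE_RE = re.compile(r"State:\s*(.+)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def vulnerable_smb_hosts(xml_text):
    """Return {address: sorted CVE list} for hosts flagged by an smb-vuln-* script."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        if addr_el is None:
            continue
        for script in host.iter("script"):
            if not script.get("id", "").startswith("smb-vuln-"):
                continue  # ignore discovery scripts and non-SMB checks
            output = script.get("output", "")
            match = STATE_RE.search(output)
            state = match.group(1).strip() if match else ""
            # Accept "VULNERABLE ..." and "LIKELY VULNERABLE"; reject "NOT VULNERABLE".
            if not state.startswith(("VULNERABLE", "LIKELY VULNERABLE")):
                continue
            # Fall back to the script id when the output names no CVE.
            cves = set(CVE_RE.findall(output)) or {script.get("id")}
            findings.setdefault(addr_el.get("addr"), set()).update(cves)
    return {addr: sorted(cves) for addr, cves in findings.items()}


if __name__ == "__main__":
    for addr, cves in vulnerable_smb_hosts(SAMPLE_XML).items():
        print(addr, ", ".join(cves))
```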

Exploit-DB shows that there is a Metasploit module we can use for this (EDB Verified):

https://www.exploit-db.com/exploits/7104

From here we can exploit and get a Meterpreter shell.

Since it appears we have SYSTEM-level access, we just have to navigate to the user and Administrator desktops to retrieve the flags.