Table of Contents

Legacyq
#

Overview
#

smb vulnerability.

I started broad, validated each finding, and then focused only on paths that were reproducible.

nmap scan results

Checking for existing smb vulnerabilities

I validated this step using the evidence below before moving forward in the chain.

PORT 445/tcp

Once the primitive was confirmed, I converted it into a stable foothold and chained it forward.

gained access to the shell, now lets look for the flags

root flag

user flag

Pwned