HTB Granny

Run a nmap scan to find for open ports.

Google the IIS version and the common exploit can be found.

Web server is under construction but uses the IIS framework.

Start up msfconsole to find for exploits.

use exploit number 2
Set up the necessary options and run the exploit.
Migrate to the wmiprvse.exe process
Cant get the full access.
background the session and search for a local exploit.

exploit/windows/local/ms14_070_tcpip_ioctl is a local exploit we can use.

Run the exploit.

Head to Lakis user and get the user flag.

Head to the Administrator folder to get the root flag.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: