Persecure : my learning archive

HTB Grandpa

Run a nmap scan to find for open ports.

The web server gives us an error.

Run a dirb scan to find for hidden directories.

Searchsploit Microsoft IIS 6.0.

Start up msfconsole and use the metasploit exploit.

Use the Microsoft IIS WebDav ScStoragePathFromUrl Overflow module.

Set the TARGETURI option to /_vti_bin that was found on the dirb scan. And set the other necessary options and run the exploit.

Get a shell and find the flags in the Documents and Settings folder.

Create a website or blog at WordPress.com