Persecure : my learning archive

HTB Devel

https://app.hackthebox.com/machines/Devel

Run a nmap scan to find for open ports.

Webserver shows the IIS7 service.

Login to the FTP server via anonymous

It is a asps webserver , we can craft a reverse shell and put it inside the server.

Use msfvenom to create a payload.

Upload the payload via the FTP server.

Start a netcat listener and reload the reverse shell in the browser.

We can search an exploit for wndows 6.1.7600
Download the exploit

Upload it to the FTP server

Move to the inetpub\wwwroot directory to find the upload.

Run the exploit and root is gained.

Create a website or blog at WordPress.com