HTB : Bastard

Network Enumeration

To begin our exploration of the network, let’s initiate an nmap scan in order to identify all open ports.

Web Enumeration

I tried to run gobuster and other directory enumeration tools but it wasn’t working.

Port 80

The web server on port 80 is running the Drupal 7 CMS.

Drupal 7 is a free and open-source content management system (CMS) that was released in 2011. It offers a flexible framework for building and managing websites, with a large and active community of developers and users contributing to its ongoing development and support.

From the nmap scan in the beginning we can view the robots.txt file.


We find changelog.txt, which usually shows the Drupal version.
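The same chain seen from the defender's side, as an added example that is not part of the original write-up: robots.txt names static text files, and a release heading in one of them tells any visitor the installed version. The sample robots.txt and changelog are constructed in the layout Drupal 7 ships and are not the target's files; the function names are hypothetical.

```python
import re

# Constructed samples in the layout Drupal 7 ships; not the target's files.
SAMPLE_ROBOTS = """\
User-agent: *
# Directories
Disallow: /includes/
# Files
Disallow: /CHANGELOG.txt
Disallow: /INSTALL.txt
Disallow: /UPGRADE.txt
Disallow: /xmlrpc.php
"""

SAMPLE_CHANGELOG = """\

Drupal 7.50, 2016-07-07
-----------------------
- Constructed entry for illustration.

Drupal 7.44, 2016-06-15
-----------------------
- Constructed entry for illustration.
"""

# Release heading: "Drupal <major>.<minor>[.<patch>], <YYYY-MM-DD>"
RELEASE_LINE = re.compile(
    r"^Drupal (\d+)\.(\d+)(?:\.(\d+))?, \d{4}-\d{2}-\d{2}", re.M)

def advertised_text_files(robots_txt):
    """Disallow entries that name static .txt files (served without login)."""
    paths = re.findall(r"^Disallow:\s*(/\S+)", robots_txt, re.M | re.I)
    return [p for p in paths if p.lower().endswith(".txt")]

def disclosed_version(changelog_txt):
    """Newest release heading in the text as 'x.y', or None if there is none."""
    found = [tuple(int(part) for part in m.groups() if part is not None)
             for m in RELEASE_LINE.finditer(changelog_txt)]
    return ".".join(map(str, max(found))) if found else None

def audit(robots_txt, served_files):
    """served_files maps path -> body as served; report the version each leaks."""
    return {path: disclosed_version(served_files[path])
            for path in advertised_text_files(robots_txt)
            if path in served_files}  # removed or blocked files leak nothing

if __name__ == "__main__":
    print(audit(SAMPLE_ROBOTS, {"/CHANGELOG.txt": SAMPLE_CHANGELOG}))
```

An empty result from `audit` means none of the advertised text files is still served; a value of `None` means the file is served but carries no release heading.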


Let’s use searchsploit to find an exploit.


Reading the help file of the exploit, we see that we need to set a line to false because we are running the exploit against a Windows machine.

We might need to install additional dependencies for the script to work.

Initial shell

System enumeration

Privilege escalation

Let’s run Windows Exploit Suggester to find some potential exploits.

There are many exploits to choose from; let’s try MS10-059.

MS10-059 is a security vulnerability in the Windows operating system that was discovered in 2010. The vulnerability allows an attacker to execute arbitrary code on a victim’s machine by exploiting a flaw in the way that the Windows kernel handles certain types of font files. The exploit can be used to gain remote access to a victim’s computer, steal data, or carry out other malicious actions.

Get the exploit from the site below and upload it to the victim machine.


Before running the exploit set up a netcat listener.

An admin shell is gained, and we can get the flags from the users’ desktops.
