
As always, start by scanning the target with Nmap.
Command: nmap -sV -sC -Pn -O -A <ip address>

The scan shows that only the HTTP port is open. After visiting the site over HTTP, we got this:

Microsoft IIS 6.0 is running.
Microsoft IIS 6.0 is vulnerable to CVE-2017-7269.
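
From the defender's side, the public description of CVE-2017-7269 says the overflow in the IIS 6.0 WebDAV service is reached through a long header beginning with "If: <http://" in a PROPFIND request. The following is an added detection example, not part of the original writeup: it flags raw HTTP requests with that shape. The length threshold, host names and sample requests are constructed assumptions.

```python
MAX_IF_LEN = 256  # assumed alerting threshold; tune against your own WebDAV traffic


def parse_request(raw):
    """Return (method, headers) from a raw HTTP request; headers map name -> list of values."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, headers


def matches_cve_2017_7269_shape(raw):
    """True for a PROPFIND whose If header starts with '<http://' and is unusually long."""
    method, headers = parse_request(raw)
    if method != "PROPFIND":
        return False
    return any(
        value.lower().startswith("<http://") and len(value) > MAX_IF_LEN
        for value in headers.get("if", [])
    )


# Constructed sample requests (padding only, no payload).
SAMPLES = {
    "benign_get": "GET / HTTP/1.1\r\nHost: web.example.test\r\n\r\n",
    "benign_propfind": (
        "PROPFIND /docs HTTP/1.1\r\nHost: web.example.test\r\nDepth: 1\r\n"
        "If: <http://web.example.test/docs> (<opaquelocktoken:constructed-token>)\r\n\r\n"
    ),
    "oversized_if": (
        "PROPFIND / HTTP/1.1\r\nHost: web.example.test\r\nContent-Length: 0\r\n"
        "If: <http://web.example.test/" + "A" * 400 + ">\r\n\r\n"
    ),
}


def triage(samples):
    """Return the names of the samples that should raise an alert."""
    return sorted(name for name, raw in samples.items() if matches_cve_2017_7269_shape(raw))


if __name__ == "__main__":
    print(triage(SAMPLES))
```

Ordinary WebDAV clients do send If headers with lock tokens, so the check keys on the combination of method, prefix and length rather than on the header alone.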

Let’s fire up msfconsole and exploit this vulnerability.

Here is the toughest part: privilege escalation.
One tool that is useful in this type of scenario is Metasploit’s local exploit suggester module. The module’s output suggests that the host is vulnerable to local exploits. One such exploit is MS14-070 tcpip ioctl, and it is the one I proceed with.

Proceeding with the new exploit, I supply the module with the current meterpreter session and run it.

The final flag can be accessed by changing to the directory C:\Documents and Settings\Administrator\Desktop and viewing the flag.txt file.

Writer: Harsh is a penetration testing student at Azure Skynet. You can contact him here.
Great Article about Htb