GRANDPA: HACK THE BOX (HTB)


As always, start by scanning the target with Nmap.

Command: nmap -sV -sC -Pn -O -A <ip address>

The scan shows that only the HTTP port is open. Visiting the site over HTTP showed the following:

Microsoft IIS 6.0 is running.

The vulnerability is in Microsoft IIS 6.0, tracked as CVE-2017-7269.
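The same scan result can be turned into an inventory check. The following is an added example, not part of the original write-up: it reads Nmap XML output (the scan above with `-oX scan.xml` appended) and reports open ports whose banner is IIS 6.0, along with any WebDAV verbs the `http-methods` script listed, since CVE-2017-7269 is in the IIS 6.0 WebDAV service. The sample XML is constructed, and the function and field names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -sC -oX` output (documentation addresses, not real hosts).
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="Microsoft IIS httpd" version="6.0"/>
<script id="http-methods" output="Supported Methods: OPTIONS TRACE GET HEAD PROPFIND PUT"/>
</port></ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="80"><state state="open"/>
<service name="http" product="Microsoft IIS httpd" version="10.0"/>
</port>
<port protocol="tcp" portid="8080"><state state="closed"/>
<service name="http" product="Microsoft IIS httpd" version="6.0"/>
</port></ports></host>
</nmaprun>"""

WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}


def find_iis6_hosts(xml_text):
    """Return one finding per open port whose service banner is IIS 6.0."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            # Closed or filtered ports are not reachable, so skip them.
            if state is None or svc is None or state.get("state") != "open":
                continue
            if "IIS" not in svc.get("product", "") or svc.get("version") != "6.0":
                continue
            # Collect WebDAV verbs reported by the http-methods script, if it ran.
            seen = set()
            for script in port.iter("script"):
                if script.get("id") == "http-methods":
                    words = script.get("output", "").replace(",", " ").split()
                    seen |= WEBDAV_METHODS & set(words)
            findings.append({
                "host": addr,
                "port": int(port.get("portid")),
                "webdav_methods": sorted(seen),
                "action": "retire or isolate; disable WebDAV if it must stay up",
            })
    return findings
```
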

Let’s fire up msfconsole and exploit this vulnerability.

Here is the toughest part: PRIVILEGE ESCALATION

One of the tools that is useful for this type of scenario is Metasploit’s local exploit suggester module. Checking the output of the module’s execution suggests vulnerability to local exploits. One such exploit is MS14-070 tcpip ioctl and it is the one I proceed with.

Proceeding with the new exploit I supply the module with the current meterpreter session and run it.

The final flag can be accessed by changing to the C:\Documents and Settings\Administrator\Desktop directory and viewing the flag.txt file.

Writer: Harsh is a penetration testing student at Azure Skynet. You can contact him here.

