Thursday, January 10, 2019

Granny


GRANNY

- Layout for this exercise:






1 - INTRODUCTION

- The goal for this exercise is to develop a hacking process for the vulnerable machine Granny, which is a retired machine from the Hack The Box pentesting platform:

https://www.hackthebox.eu/


2 - ENUMERATION

- Granny's IP:




- Scanning with Nmap shows that the only open port is 80, where a Microsoft IIS 6.0 web server is running:




- Connecting with the browser, the site appears to be Under Construction:




3 - EXPLOITATION

- Searching for IIS vulnerabilities, we find this one, which can be exploited with Metasploit:






- Running Metasploit and using exploit/windows/iis/iis_webdav_upload_asp, the only parameter we need to set is RHOST = 10.10.10.15:




- Running the exploit, a Meterpreter session is obtained:




- To stabilize the Meterpreter session, let's migrate to another process by entering the current session id into the module post/windows/manage/migrate:




- The module is completed:
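
- From the defender's side, the WebDAV upload used above can be hunted in the IIS logs. The following is an added example, not part of the original walkthrough: it assumes the upload appears as a successful PUT followed shortly by a MOVE or COPY of the same path from the same client, and that the log is in W3C extended format with a #Fields directive. The log lines, file names and the function names parse_w3c and find_put_then_rename are constructed for illustration:

```python
from datetime import datetime, timedelta

# Constructed sample (not from the page); assumes W3C extended format with these fields.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2019-01-10 10:00:01 10.10.14.8 OPTIONS / 200
2019-01-10 10:00:02 10.10.14.8 PUT /upload_test.txt 201
2019-01-10 10:00:03 10.10.14.8 MOVE /upload_test.txt 201
2019-01-10 10:00:04 10.10.14.8 GET /upload_test.asp 200
2019-01-10 10:05:00 192.0.2.44 PUT /docs/report.txt 201
2019-01-10 10:30:00 192.0.2.44 GET /docs/report.txt 200
2019-01-10 11:00:00 192.0.2.50 PUT /blocked.txt 403
2019-01-10 11:00:01 192.0.2.50 MOVE /blocked.txt 404
"""

def parse_w3c(text):
    """Yield one dict per request line, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def find_put_then_rename(text, window=timedelta(seconds=60)):
    """Return (client, path, method) for each successful PUT followed by a
    successful MOVE/COPY of the same path from the same client within window."""
    recent_puts = {}  # (client, path) -> time of last successful PUT
    hits = []
    for rec in parse_w3c(text):
        when = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        key = (rec["c-ip"], rec["cs-uri-stem"].lower())
        ok = rec["sc-status"].startswith("2")  # only requests the server accepted
        method = rec["cs-method"].upper()
        if method == "PUT" and ok:
            recent_puts[key] = when
        elif method in ("MOVE", "COPY") and ok and key in recent_puts:
            if when - recent_puts[key] <= window:
                hits.append((key[0], key[1], method))
    return hits

if __name__ == "__main__":
    for client, path, method in find_put_then_rename(SAMPLE_LOG):
        print(f"suspicious WebDAV upload: {client} PUT then {method} {path}")
```

- On a server that does not need WebDAV authoring, any accepted PUT, MOVE or COPY is itself worth alerting on, and disabling WebDAV or removing write permission from the web root closes this path.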





4 - PRIVILEGE ESCALATION

- However, the previous session 1 does not have System privileges:







- Getting a shell:




- Access is denied to the main users' folders:






- To perform a successful Privilege Escalation, let's use the module local_exploit_suggester, entering again the current session id:




- Running:




- Let's take this one:




- However, the exploit fails when run, because Metasploit has taken LHOST = 192.168.1.19 by default, which is not the IP used by Kali to connect to the Hack The Box VPN:





- Changing to LHOST = 10.10.14.8 and running again, the exploit now works:






- This 2nd Meterpreter session has System privileges:





5 - CAPTURING THE FLAGS

- Getting the flags is just a matter of browsing folders back and forth until they are found:







- Reading the 1st flag user.txt:








- Reading the 2nd flag root.txt: