OPTIMUM
- Layout for this exercise:
1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Optimum, which is a retired machine from the Hack The Box pentesting platform:
https://www.hackthebox.eu/
2 - ENUMERATION
- Optimum's IP is 10.10.10.8:
- Scanning with Nmap:
- Going deeper with port 80:
3 - EXPLOITATION
- Looking for exploits related to HttpFileServer HFS 2.3:
- Launching Metasploit and using the exploit rejetto_hfs_exec:
- Setting Optimum's IP as RHOST:
- Setting Kali's IP as LHOST:
- Running the exploit, we get a Meterpreter session:
- The user is kostas:
- Running a shell:
4 - CAPTURING THE 1st FLAG
- Reading user.txt.txt from user kostas' Desktop:
5 - PRIVILEGE ESCALATION
- Access to Administrator's desktop is denied:
- Looking for local Privilege Escalation exploits for Windows architecture x86-64:
- Reading instructions to download the executable 41020.exe:
- Downloading 41020.exe to our Kali machine:
- Uploading 41020.exe to Optimum:
- Getting a shell, let's confirm the presence of 41020.exe on Optimum:
- Remembering that the current user is kostas:
- Running the exploit, we achieve System privileges:
6 - CAPTURING THE 2nd FLAG
- Finally, reading root.txt from Administrator's Desktop: