OPTIMUM
- Layout for this exercise:

1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Optimum, which is a retired machine from the Hack The Box pentesting platform:
https://www.hackthebox.eu/
2 - ENUMERATION
- Optimum's IP is 10.10.10.8:

- Scanning with Nmap:

- Going deeper with port 80:

3 - EXPLOITATION
- Looking for exploits related to HttpFileServer HFS 2.3:

- Launching Metasploit and using the exploit rejetto_hfs_exec:

- Setting Optimum's IP as RHOST:

- Setting Kali's IP as LHOST:

- Running the exploit, we get a Meterpreter session:

- The user is kostas:

- Running a shell:

4 - CAPTURING THE 1st FLAG
- Reading user.txt.txt from user kostas' Desktop:

5 - PRIVILEGE ESCALATION
- Access to Administrator's desktop is denied:

- Looking for local Privilege Escalation exploits for Windows architecture x86-64:




- Reading instructions to download the executable 41020.exe:

- Downloading 41020.exe to our Kali machine:


- Uploading 41020.exe to Optimum:

- Getting a shell, let's confirm the presence of 41020.exe on Optimum:

- Recall that the current user is kostas:

- Running the exploit, we achieve System privileges:

6 - CAPTURING THE 2nd FLAG
- Finally, reading root.txt from Administrator's Desktop:
