GRANDPA
- Layout for this exercise:

1 - INTRODUCTION
- The goal of this exercise is to develop a hacking process for the vulnerable machine Grandpa, which is a retired machine from the Hack The Box pentesting platform:
https://www.hackthebox.eu
2 - ENUMERATION
- Grandpa's IP is 10.10.10.14:

- Scanning with Nmap:

- Scanning the only open port, 80, in more depth, we learn that the web server is running Microsoft IIS httpd 6.0:

3 - EXPLOITATION
- So Grandpa is running IIS 6.0 on port 80, which can be exploited with these exploits:

- Actually there is a Metasploit module for this specific exploit:


- Let's try the exploit:

- Setting Grandpa's IP as RHOST and checking the vulnerability:

- Because we had some problems running the exploit, let's widen the MIN and MAX path lengths so that they cover the interval 1 to 300:

- Running the exploit there is a successful Meterpreter session:

- Getting information about the system:

- However, it seems that the Meterpreter session is limited:

4 - PRIVILEGE ESCALATION
- Let's migrate to a process running with higher privileges:


- Backgrounding the session:

- Looking for local privilege escalation exploits for SESSION 1:

- The last one seems to be interesting:

- Launching the exploit for SESSION 1:

- However, when run it fails, and the reason is clear: by default it has taken the IP of Kali's non-VPN interface:

- Resetting LHOST and LPORT:

- Extending the WAIT period to 60 seconds:

- Running the exploit, we get another successful Meterpreter session, this time with SYSTEM privileges:

5 - CAPTURING THE FLAGS
- Spawning a shell:

- Reading the first flag, user.txt:

- Reading the second flag, root.txt:
