
Grandpa

Muqaram Majid

Overview

  • OS: Windows
  • IP: 10.10.10.14
  • Difficulty: Easy
  • Platform: HackTheBox
  • OSCP: No
  • Lists: N/A

Summary

Learnt to use the local exploit suggester.

Enumeration

I started broad, validated each finding, and then focused only on paths that were reproducible.

nmap scan results

homepage

Vulnerabilities

Port 80/tcp

https://www.rapid7.com/db/modules/exploit/windows/iis/iis_webdav_scstoragepathfromurl/

Exploitation

  • With Metasploit

Using the vulnerability we found earlier, we have gotten access pretty easily. Now let's look around.

Alright, so we are not able to access either harry or administrator, possibly because our user's privilege is low.

On trying to get the system information, we encounter this.

Let's list out the processes.

Time to migrate into one of the NT AUTHORITY services.

Now let's run a local exploit suggester and look for exploits for this system.

Let's go with the client_copy_image.

And there we go, we have escalated our privilege.

root flag

user flag

pwned