HackTheBox_Arctic w/o Metasploit

HTB - Arctic

Image

Enumeration

Nmap Scan Results

Image

Homepage

Image

Admin Page

Image

Vulnerabilities

CFIDE Exploits

Directory traversal exploit:

https://www.exploit-db.com/exploits/50057

Additional directory traversal exploit:

https://www.exploit-db.com/exploits/14641

Exploitation w/o Metasploit

Directory Traversal Exploit

Image

Visiting Directory

Image

Hash Identification

Image

Image

Using Hashcat

Image

Image

Accessing Admin Page

We find the scheduled task page, where we can possibly upload our payload:

Image

JSP Payload Upload

Create a JSP payload with msfvenom and upload it:

Image

Image

Starting a Simple Server

Image

File Retrieval

Image

Image

Visiting Index

Image

Getting a Shell

Image

System Information

```
Host Name: ARCTIC
OS Name: Microsoft Windows Server 2008 R2 Standard
OS Version: 6.1.7600 N/A Build 7600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Server
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 55041-507-9857321-84451
Original Install Date: 22/3/2017, 11:09:45
System Boot Time: 6/8/2024, 6:24:51
System Manufacturer: VMware, Inc.
System Model: VMware Virtual Platform
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
    [01]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2595 Mhz
BIOS Version: Phoenix Technologies LTD 6.00, 12/11/2020
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: el;Greek
Input Locale: en-us;English (United States)
Time Zone: (UTC+02:00) Athens, Bucharest, Istanbul
Total Physical Memory: 6.143 MB
Available Physical Memory: 5.097 MB
Virtual Memory: Max Size: 12.285 MB
Virtual Memory: Available: 11.288 MB
Virtual Memory: In Use: 997 MB
Page File Location(s): C:\pagefile.sys
Domain: HTB
Logon Server: N/A
Hotfix(s): N/A
Network Card(s): 1 NIC(s) Installed.
    [01]: Intel(R) PRO/1000 MT Network Connection
        Connection Name: Local Area Connection
        DHCP Enabled: No
        IP address(es)
        [01]: 10.10.10.11
```

Exploit Suggestion

Put this information into a local Windows exploit suggester:

Image
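The fields a suggester reads from this output are the OS version line and the hotfix list. As an added example (not from the original post or from any suggester tool), the sketch below parses those fields from `systeminfo` text for a patch-inventory check; `parse_systeminfo`, `patch_findings` and the `PATCHED` host with its KB placeholders are hypothetical names and constructed data.

```python
import re

# Constructed sample: a trimmed copy of the systeminfo fields shown on this page.
ARCTIC = """\
Host Name: ARCTIC
OS Version: 6.1.7600 N/A Build 7600
Hotfix(s): N/A
Network Card(s):
1 NIC(s) Installed.
[01]: Intel(R) PRO/1000 MT Network Connection
"""
# Constructed, hypothetical host that does list hotfixes (KB numbers are placeholders).
PATCHED = """\
Host Name: EXAMPLE01
OS Version: 6.1.7601 Service Pack 1 Build 7601
Hotfix(s): 2 Hotfix(s) Installed.
[01]: KB0000001
[02]: KB0000002
Network Card(s): 1 NIC(s) Installed.
[01]: Intel(R) PRO/1000 MT Network Connection
"""

FIELD = re.compile(r"^\s*([A-Za-z][^:\[\]]*):\s*(.*)$")   # "Key: value"
ITEM = re.compile(r"^\s*\[\d+\]:\s*(.+)$")                # "[01]: entry"
VERSION = re.compile(r"^(\d+(?:\.\d+)+)\s+(.*?)\s+Build\s+(\d+)$")

def parse_systeminfo(text):
    """Return the fields as a dict; numbered items are kept only for Hotfix(s)."""
    info, current = {"hotfixes": []}, None
    for line in text.splitlines():
        item = ITEM.match(line)
        if item:
            if current == "Hotfix(s)":  # ignore NIC / processor items
                info["hotfixes"].append(item.group(1).strip())
            continue
        field = FIELD.match(line)
        if field:
            current = field.group(1).strip()
            info.setdefault(current, field.group(2).strip())
    m = VERSION.match(info.get("OS Version", ""))
    if m:
        info["version"], info["service_pack"], info["build"] = m.groups()
    return info

def patch_findings(info):
    """Neutral patch-posture flags for an inventory report."""
    checks = [(not info["hotfixes"], "no hotfixes recorded"),
              (info.get("service_pack", "N/A") == "N/A", "no service pack recorded")]
    return [msg for failed, msg in checks if failed]
```

For the host on this page both flags are raised: the output shows `Hotfix(s): N/A` and no service pack on Build 7600.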

Using MS10-059

Image

Uploading and Executing Exploit

Image

Upgraded Shell

Image

Root flag:

Image

User flag:

Image

This post is licensed under CC BY 4.0 by the author.