Post

HackTheBox_Devel | w/ Metasploit

Posted Updated
By Muqaram Majid
1 min read

HTB - Devel

Nmap Scan Results

Overview

This example is a walkthrough for a Hack The Box machine, showcasing enumeration, vulnerability exploitation, and privilege escalation.

Enumeration

Nmap Scan Results

To begin, I performed an Nmap scan to discover open ports and services running on the target machine.

Nmap Scan Results

Homepage

After the Nmap scan, I checked the homepage of the target server.

Homepage

Exploitation w/ Metasploit + Msfvenom

FTP Access

I accessed the FTP server anonymously.

FTP Access

Directory Listing

Next, I checked the directory structure on the FTP server.

Directory Listing

Reverse Shell Upload

I created a reverse TCP shell script using Msfvenom and uploaded it to the FTP server as a .aspx file, given that the server runs Microsoft IIS version 7.5.

Msfvenom Reverse Shell

Upload Shell Script

Meterpreter Session

Using Metasploit, I opened a Meterpreter session to gain access to the target machine.

Meterpreter Session

Enumeration After Access

With access gained, I proceeded with further enumeration to gather information about the system.

System Enumeration

System Info

Local Exploit Suggester

I utilized Metasploit’s local exploit suggester to identify potential privilege escalation vulnerabilities.

Local Exploit Suggester

Privilege Escalation

Privilege Escalation

Privilege Escalation

Exploitation

Using the suggested exploit, I managed to escalate privileges and gain full control over the target machine.

Privilege Escalation

Finally, I located and captured the flags.

User Flag

User Flag

Root Flag

Root Flag

Pwned

hackthebox, CTF, writeups
ctf hackthebox writeup windows easy
This post is licensed under CC BY 4.0 by the author.

Comments powered by Disqus.