
HackTheBox_Grandpa | w/ Metasploit

HTB - Grandpa

Overview


Grandpa is an easy-tier machine on Hack The Box, offering insight into basic enumeration, vulnerability exploitation, and privilege escalation using Metasploit.

Enumeration

Nmap Scan Results

To start the enumeration, I performed an Nmap scan to discover open ports and services running on the target machine.

Nmap Scan Results

Homepage

The target’s homepage reveals some basic information.

Homepage

Vulnerabilities

Port 80/tcp

The web service running on port 80 was found to be vulnerable. Here’s a link to the exploit.

Exploitation

With Metasploit

Using the vulnerability we found earlier, we gained access to the system. Now, let’s look around.

On trying to get the system information, we encounter this:

System Access

Listing Processes

Let’s list out the processes.

Privilege Check

Migrating to NT Authority

Time to migrate into one of the NT Authority services.

System Information

Exploit Suggester

Now, let’s run a local exploit suggester and look for exploits for this system.

Process List

Privilege Escalation

Let’s go with the client_copy_image exploit.

Exploit Suggester

And there we go, we have escalated our privileges.

Root Flag

Exploit Suggester

User Flag

Client Copy Image

Pwned

This post is licensed under CC BY 4.0 by the author.
