HackTheBox: Devel

 Welcome Back Guys, Today we are going to talk about Hack The Box machine named DEVEL.


So lets start with Network Mapper (NMAP) scan.


After rectifying the output, conclusions for this is. 


As we can see two ports are running port 21, 80 for FTP, HTTP respectively.

So lets check port 80 first


Now lets see the FTP port no. 21 using command

Seeing the output, we can rectify that we can send any file from our machine to the victim machine.

So lets try sending a aspx file for getting a reverse shell from that. So my file would be like shell.aspx and this would be created from using below mentioned command.


Now lets upload the file through FTP onto 10.10.10.5, and then start the listener on port no you specified while making payload in msfvenom command.



Now access the payload using URL as /shell.aspx So now check whether you have received the reverse connection from website or not.


But still we dont have access to any users like Babis nor Administrator.

So we would check the system information using the command systeminfo.


So we can see here the details of machine as Microsoft Windows 7 Enterprise v6.1.7600.

So after researching on Internet, I came across secwiki's windows kernel exploit payloads. (Figure shows and link provided)

LINK: https://github.com/SecWiki/windows-kernel-exploits

So now we have to select the exploit which is exploitable on Microsoft Windows 7 Enterprise v6.1.7600 .

So the details would be like for MS11-046

So download this file and upload using ftp as same processed we used earlier.


and then we have to locate the uploaded file in C: drive of victim machine.

After some search I got to know that .exe files are executed after converting them to binary. So while sending them through FTP onto victim machine start the bin as follows.


And now run the ms11-046.exe on victim's windows machine.

Enjoy the day bye. Do let me know if any corrections.



Comments

Post a Comment

Popular posts from this blog

HackTheBox: Legacy

Image
Hello, and Welcome back on this blog, today we are going to do a walk-through for Hack The Box machine named LEGACY. So lets start with Network Mapper (NMAP) command for getting knowledge of this machine regarding open ports, OS versions, services etc. So rectifying output for this command. And from this output ports and services which is beneficial for us are as follows. As seen if we search the version of this windows on google then we could find the exploit like. And follow the steps to get reverse shell. So getting reverse shell be like Do note that we have had changed the LHOST IP to your local IP address after connecting to VPN that means your tun0 IP address. Do comment your thoughts.
Read more

HackTheBox: Beep

Image
 Hello Friends, welcome back to my blog for another writeup based on Hack The Box series for machine named BEEP. So starting with nmap scan,  We got output with many ports and their services. Lets check out the website as port 80/443 are open. Lets find out about the directories by brute forcing using gobuster. Here we could see the directory named vtigercrm, management portal if tried to access goes to index.php page. So when researched about the vtigercrm, we got to know about exploit db number 37637 LINK: https://www.exploit-db.com/exploits/37637 This machine is exploitable using LFI vulnerabilities as mentioned in exploitdb 37637 number exploit. Working through we get to know about //etc/amportal.conf%00&module-Accounts&action. Just view page source and it would give you sorted view. Gather all the password and usernames from the page source and save it in files username.txt and password.txt respectively. now we dont know the actual userid password so we can try br...
Read more

HackTheBox: Lame

Image
Hello Friends, Welcome to the first ever writeup on easy box released on 15th March, 2017 on Hack The Box named LAME. So lets start with Network Mapper command. (As stated below) So rectify the output of this command So as we can see we got 4 ports open in this machine as listed below. As you can see port no. 21 and 22 would need login user id and password so we wont bother there, and enumerate port no. 139 and 445. Were exactly port no. 139 does not mention us the version number we would go with port 445. Lets search version of services running on on port no. 445 that is Samba smbd 3.0.20-Debian . Going through we get to know about metasploitable tool, and how to use it for this vulnerability. LINK: https://www.rapid7.com/db/modules/exploit/multi/samba/usermap_script/   Using this we would try to gain reverse-shell. Note that RHOSTS is HTB's machine IP address, and LHOST is your machine IP address after using vpn which you can find using following command. We have got into the mac...
Read more