Hack The Box: Retires Granny
Let's Start off with a simple Nmap Scan to see what open ports and services are available
There we go, only one port open for business
Port 80 and Microsoft IIS httpd 6.0
If you visit the web page 10.10.10.15, you are displayed with "The parameter is incorrect"
We could do some more enumeration but lets fire up Metasploit to find exploits.
I search for exploits against IIS using the command:
msf> search exploits/windows/iis
Once i run the exploit, i get a shell. Next i try to see if the directories are easy to access...if Not then i will have to Escalate Privileges.
EEK! Access is denied! So i need to Escalate Privileges.
I good way to do this with a windows box using Metasploit is using a tool called: Metasploit Local Exploit Suggester
Here is some information about the Suggester and how to use it:
After running the Suggester, 6 exploits came back for uses. Its always good to research which one will suit the job best. After trail and error i found that this exploit worked:
Now i background the session so i can use the new exploit. Then set the Local IP address and Network card which is TUN0 for the VPN.
Shell Yeah! I have my shell again. So next thing i need to do is see if the Exploit to for Priv Esculation worked.
Using the whoami command we see i have system, (root for windows machines)
"If you are unfamilar with the whoami command you can read about it here!"
I have the user.txt flag
Lets see if i can get Administrator flag for ROOT!