Hack The Box Devel

Testing Methadologies

We can start the enumeration with a nmap scan

nmap -sC -sC 10.10.10.5

The nmap scan output shows that only two ports are open 21 (FTP) and 80 (HTTP)

FTP has anonymous login enabled and nmap has already done that for us by looking at the output we can see some files like "iisstart.htm" which is the index page of IIS so it shows that the ftp root folder is actually the web server root folder, Now we can create a shell and upload it via FTP and access the file through HTTP

Now we have generated an aspx shell using msfpc which is metasploit payload generator, We can then upload the shell using the put command in ftp and access it from the browser

By accessing the shell from the browser we get a callback to metasploit and we can execute code on the server,

Privilege escalation 

Since we are a low privilege user we have to escalate to administrator in order to get the root flag 

METASPLOIT HAS A module that checks for local exploits on a machine we can use that to check if the server has any vulnerabilities

BY running the module we can see that it is vulnerable now we can select any one of these modules to gain access as a higher privileged user

Now we are THE administrator user