Hack The Box Arctic
Testing Methodologies
We start enumeration with an nmap scan.
The output shows that ports 135, 8500 and 49154 are open.
Visiting port 8500 gives us a directory listing.
By visiting the CFIDE directory we have a ColdFusion
Googling ColdFusion turns up a path traversal vulnerability that can be used to extract the admin password.
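On the defending side, traversal requests like this show up in the web server's access log. The following is an added example, not part of the original write-up: it flags requests under /CFIDE/ whose query string decodes (including double percent-encoding) to a directory traversal sequence or a null byte. The log lines, file names and the `lang` parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (common log format); not taken from the target.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /CFIDE/ HTTP/1.1" 200 1024',
    '10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /CFIDE/example.cfm?lang=en HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:01:00 +0000] "GET /CFIDE/example.cfm?lang=../../../placeholder.txt%00en HTTP/1.1" 200 300',
    '10.0.0.9 - - [01/Jan/2024:10:01:07 +0000] "GET /CFIDE/example.cfm?lang=%252e%252e%252fplaceholder.txt HTTP/1.1" 200 300',
    '10.0.0.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.cfm?page=..%2fabout HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# ".." as a whole path segment, after a separator or at the start of a value.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&])\.\.(?:[/\\]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reasons(target):
    """Return why a request target under /CFIDE/ looks like a traversal attempt."""
    parts = urlsplit(target)
    # Scope: only the ColdFusion administrative tree discussed on this page.
    if not fully_decode(parts.path).lower().startswith('/cfide/'):
        return []
    query = fully_decode(parts.query)
    reasons = []
    if TRAVERSAL_RE.search(query):
        reasons.append('traversal sequence in query')
    if '\x00' in query:
        reasons.append('null byte in query')
    return reasons

def scan(lines):
    """Return (client_ip, target, status, reasons) for each flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and (reasons := suspicious_reasons(m.group(2))):
            hits.append((m.group(1), m.group(2), int(m.group(3)), reasons))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request is worth triaging first, since it suggests the server answered the request rather than rejecting it.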
The extracted password is not in plaintext; it appears to be a SHA1 hash, which we can crack with hashcat.
The password is "happyday"; now we can log in to ColdFusion.
We can now upload a cfexec.cfm script to execute code on the system.
Next we upload a Meterpreter shell generated with Veil Evasion, which will bypass any antivirus running on the system.
We now have a Meterpreter session, but it is 32-bit; we can convert it to 64-bit using the payload_inject module.
Running payload suggester over the session indicates that the system is vulnerable to the schelevator exploit.