
HTB GRANDPA WALKTHROUGH



HackTheBox is an excellent platform for pen-testers to improve their testing skills and knowledge.
Machine Level - Easy
Machine Name - Grandpa
Machine OS - Windows
Machine IP - 10.10.10.14
Tools:
Nmap - Nmap is a fantastic tool for scanning open ports, detecting services and fingerprinting the OS. You can use other port scanners (whichever you are more comfortable with), such as masscan or SPARTA.
Metasploit - One of the most common and widely used tools among pen-testers for launching exploits. It is maintained by Rapid7, and many books are available that cover its features.
Method:
Scanning the machine is the first step (i.e. enumeration). We use the following nmap command:
sudo nmap -T4 -p- -A 10.10.10.14
The command scans all 65535 ports (-p-), uses the aggressive timing template for faster scanning (-T4), and enables OS detection, version detection, default scripts and traceroute (-A).
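A defender reads the same scan output from the other side: an inventory of what is exposed and which of it is no longer supported. The script below is an added example, not part of the walkthrough. It parses nmap's grepable output (the format written by `-oG`; the lines embedded here are constructed samples, not a real capture) and flags services whose product string matches an end-of-life entry. The `UNSUPPORTED` table is illustrative, not an authoritative end-of-life database.

```python
"""Flag end-of-life web servers in nmap grepable (-oG) output.

Added example, not from the walkthrough. Run a real scan with
`nmap -sV -oG scan.gnmap <target>` and feed the file to parse_gnmap().
"""

# Constructed sample in -oG format (not a real scan capture). Each Ports
# entry has seven slash-separated fields: port/state/proto/owner/service/rpc/version.
# nmap replaces any '/' inside a version string with '|', so splitting on '/' is safe.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 10.10.10.14 ()\tStatus: Up
Host: 10.10.10.14 ()\tPorts: 80/open/tcp//http//Microsoft IIS httpd 6.0/\tIgnored State: filtered (65534)
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.4/, 443/open/tcp//ssl|http//nginx 1.18.0/\tIgnored State: closed (65533)
# Nmap done (constructed sample)
"""

# Product-string prefixes a defender treats as unsupported. Assumption: this
# list is illustrative only; a real check would consult a maintained EOL source.
UNSUPPORTED = {
    "Microsoft IIS httpd 6.0": "IIS 6.0 ships with Windows Server 2003, which no longer receives security updates",
}

PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")


def parse_gnmap(text):
    """Return one dict per port entry found in -oG formatted text."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and anything that is not a host record
        fields = line.split("\t")
        host = fields[0].split()[1]  # "Host: <ip> (<hostname>)"
        sections = dict(f.split(": ", 1) for f in fields[1:] if ": " in f)
        ports = sections.get("Ports")
        if not ports:
            continue  # e.g. a "Status: Up" line with no port list
        for entry in ports.split(", "):
            parts = entry.split("/")
            if len(parts) < 7:
                continue  # malformed entry; skip rather than guess
            rec = dict(zip(PORT_FIELDS, parts[:7]))
            rec["host"] = host
            rec["port"] = int(rec["port"])
            records.append(rec)
    return records


def find_unsupported(records):
    """Return (host, port, version, reason) for each open service on the UNSUPPORTED list."""
    hits = []
    for rec in records:
        if rec["state"] != "open":
            continue
        for prefix, reason in UNSUPPORTED.items():
            if rec["version"].startswith(prefix):
                hits.append((rec["host"], rec["port"], rec["version"], reason))
    return hits


if __name__ == "__main__":
    for host, port, version, reason in find_unsupported(parse_gnmap(SAMPLE_GNMAP)):
        print(f"{host}:{port} {version} -- {reason}")
```

The parser keeps every port record, so the same records can feed other checks (unexpected open ports, services that should not face the network) without re-parsing the scan.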
So, only port 80 is open. The scan says it is running Microsoft IIS 6.0, but first let's visit the victim's IP in a browser and see what's there.
There's nothing to do on the page. It says it is under construction.
Let's search for Microsoft IIS 6.0 in searchsploit.
There are some results, but we are interested in remote code execution, so let's search for this Remote Buffer Overflow on Google.
There is a module by Rapid7; let's visit it.
Copy the module's exploit path.
Fire up your msfconsole and use the exploit.
Check its options; we see that we need to provide RHOSTS. Use the command:
set rhosts 10.10.10.14
Run the exploit.
Exploit successful, we got a meterpreter shell. Let's check the system information and what access we have in the shell.
So, the access is denied. We need to do privilege escalation to gain access.
Let's background the session.
Now, let's interact with the session again (or you can go directly to the suggester to see the possible exploits available).
Use the command ps to see the running processes.
Look at the various processes and the users they run as. If you are lucky, on some machines you will find a process already running as NT Authority\System.
We see a process running as NT Authority\Network Service. Let's migrate to it.
Use the command migrate 1836
We are NT Authority\Network Service. But we need to be NT Authority\System.
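The migrate step above is a thread created by one process inside another, which is exactly what Sysmon records as Event ID 8 (CreateRemoteThread). The script below is an added example from the defender's side, not part of the walkthrough: it reads a few constructed Sysmon-style events flattened to key=value lines (the process names, PIDs other than 1836, and addresses are made up) and flags remote threads whose start address is not backed by any loaded module, a common heuristic for injected code. The empty-StartModule rule is an assumption stated as a starting point, not a complete detection.

```python
"""Spot migration-style remote threads in Sysmon Event ID 8 records.

Added example, not from the walkthrough. Event ID 8 is Sysmon's
CreateRemoteThread event; the key=value flattening and the sample
events below are constructed for this script.
"""
import re

# Constructed sample events. Only PID 1836 comes from the walkthrough; the
# images, other PIDs and addresses are invented for illustration.
SAMPLE_EVENTS = [
    # Thread started in another process from an unbacked address: suspicious.
    'EventID=8 SourceImage="C:\\Windows\\System32\\inetsrv\\w3wp.exe" SourceProcessId=2424 '
    'TargetImage="C:\\Windows\\System32\\wbem\\wmiprvse.exe" TargetProcessId=1836 '
    'StartAddress=0x000000000031D000 StartModule="" StartFunction=""',
    # Thread start backed by ntdll.dll: normal system behaviour.
    'EventID=8 SourceImage="C:\\Windows\\System32\\csrss.exe" SourceProcessId=368 '
    'TargetImage="C:\\Windows\\explorer.exe" TargetProcessId=1204 '
    'StartAddress=0x00007FF8A1C52B40 StartModule="C:\\Windows\\System32\\ntdll.dll" '
    'StartFunction="RtlUserThreadStart"',
    # Unrelated event type, ignored by the rule.
    'EventID=1 Image="C:\\Windows\\System32\\cmd.exe" ProcessId=5000',
]

# key=value pairs; values are either double-quoted (may be empty) or bare tokens.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Turn one key=value event line into a dict. Quoted values keep backslashes as-is."""
    event = {}
    for m in KV_RE.finditer(line):
        event[m.group(1)] = m.group(2) if m.group(3) is None else m.group(3)
    return event


def is_suspicious_remote_thread(event):
    """True for an Event ID 8 whose new thread starts outside any loaded module.

    Assumption: an empty StartModule (Sysmon may also render it as "-") is a
    common indicator of injected code. Legitimate tools such as AV engines and
    debuggers can produce the same pattern, so pair this with an allowlist of
    SourceImage paths before alerting on it.
    """
    if event.get("EventID") != "8":
        return False
    if event.get("SourceProcessId") == event.get("TargetProcessId"):
        return False  # a process starting its own thread is not migration
    return event.get("StartModule", "") in ("", "-")


def scan(lines):
    """Return the parsed events that the rule flags."""
    return [e for e in map(parse_event, lines) if is_suspicious_remote_thread(e)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"remote thread {hit['SourceImage']} (pid {hit['SourceProcessId']}) "
              f"-> {hit['TargetImage']} (pid {hit['TargetProcessId']}) "
              f"at {hit['StartAddress']}, no backing module")
```

In a real deployment the same rule would run over the Sysmon channel or a SIEM export rather than text lines, and the allowlist mentioned in the docstring is what keeps it from paging on every endpoint agent.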
Let's background the session and use the suggester.
Set the session to 1 and run the suggester.
Several exploits are listed. Use any one of them. We use the command:
use exploit/windows/local/ms15_051_client_copy_image
Use the exploit and check the options available.
Set the session to 1 and run the exploit.
Exploit successful. Now we are NT Authority\System.
Grab the root flag.

Grab the user flag.
That's all for this machine.
Thanks!
