DEVEL — HTB walkthrough

Nmap scan for ports, services and OS
  1. Enumerating IIS 7.5 exploits

EXPLOITATION

  1. Let’s try to put a malicious ASP file on the machine
First, create a file using msfvenom
Now let’s put this on the server using FTP

Difference between ASP and ASPX

  • ASP runs on IIS while ASPX runs on .NET framework.
  • ASP.NET offers the ability to build pages
  • ASP.NET: ability to develop applications using an event-driven GUI model.
  • ASP: ability for conventional Web-scripting environments.
Now we will make our new payload using the ASPX format
Putting it back on FTP so that it can run in the browser
use exploit/multi/handler
  1. Checking the privileges we have
We have SeImpersonatePrivilege and SeAssignPrimaryTokenPrivilege
  1. Using meterpreter Incognito
Background the process and use incognito
Enumerating privileges
Using exploit/windows/local/bypassuac_eventvwr
The exploit did not work, so we will go down the list and use the next one.
exploit/windows/local/ms10_015_kitrap0d
Getting root flag
Getting user flag
I renamed it to JP.exe and transferred it using FTP.
Open a listener on port 1234 in a different shell to see the process spawn.

Reference: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-015
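
The foothold above (a script file written over FTP, then requested through the browser) leaves a record in both the IIS FTP log and the IIS HTTP log. The following is an added detection example, not part of the original walkthrough: it correlates the two W3C logs and flags script files that were stored over FTP and then requested over HTTP shortly after. The log lines, addresses, field subset and 15-minute window are constructed assumptions, as is the FTP root being the web root.

```python
import posixpath
from datetime import datetime, timedelta

# Constructed sample logs in W3C extended format (not taken from the walkthrough).
FTP_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2024-01-10 10:00:01 192.0.2.10 anonymous STOR /shell.aspx 226
2024-01-10 10:00:09 192.0.2.10 anonymous STOR /notes.txt 226
2024-01-10 10:05:00 192.0.2.20 anonymous STOR /late.asp 226
"""
HTTP_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-10 10:00:30 GET /shell.aspx 192.0.2.10 200
2024-01-10 10:00:40 GET /notes.txt 192.0.2.10 200
2024-01-10 11:30:00 GET /late.asp 192.0.2.20 200
"""
SCRIPT_EXTS = {".asp", ".aspx", ".ashx", ".asmx"}  # extensions IIS may execute

def parse_w3c(text):
    """Yield one dict per record, taking column names from the #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row

def uploaded_then_requested(ftp_text, http_text, window_minutes=15):
    """Return (path, uploader_ip, requester_ip) for script files stored over FTP
    and then requested over HTTP within the window (assumes FTP root == web root)."""
    uploads = {}
    for r in parse_w3c(ftp_text):
        path = r["cs-uri-stem"].lower()
        ok = r["sc-status"].startswith("2")  # only completed transfers
        if r["cs-method"].upper() == "STOR" and ok and posixpath.splitext(path)[1] in SCRIPT_EXTS:
            uploads[path] = r
    hits = []
    for r in parse_w3c(http_text):
        up = uploads.get(r["cs-uri-stem"].lower())
        if up and timedelta(0) <= r["ts"] - up["ts"] <= timedelta(minutes=window_minutes):
            hits.append((r["cs-uri-stem"], up["c-ip"], r["c-ip"]))
    return hits

if __name__ == "__main__":
    for hit in uploaded_then_requested(FTP_LOG, HTTP_LOG):
        print("ALERT upload-then-execute:", hit)
```

Because the parser reads column names from the `#Fields:` line, it also works on logs with more columns than the sample, as long as the fields used here are enabled.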

Dhanishtha Awasthi

OSCP | CEH | Cyber Security Enthusiast.
