Optimum — HTB walkthrough
Visiting web browser we see
On looking at source code we see, server info says rejetto server
Searching for exploit, we get
Rejetto HTTP File Server (HFS) 2.3.x — Remote Command Execution (2)
Vulnerability : REGEX parsing in file ParseLib.pas , which cannot handle null byte and instead of parsing it executes the macro.
This exploit does is : Attacker machine hosts nc.exe (a vulnerable macro) on server at port 80.
Target machine connects to nc.exe and gives you reverse shell on the host and port you mentioned in exploit.
How to perform exploit
1) locate nc.exe and copy to your cwd and host a server on port 80
Now download exploit from the link mentioned. And change the local host IP and port in python file to your IP and port you are listening from netcat to.
On your machine: Nc -lvp 443
Then run the script
And on netcat you see
After enumerating a lot , I finally ran exploit suggester. And found
Microsoft Windows 8.1 (x64) — ‘RGNOBJ’ Integer Overflow (MS16–098)