Hack the Box: Devel
Today we will be looking at an easy Windows machine on Hack the Box. Starting off with a RustScan we see the following:
We see an FTP and HTTP port running.
From here we can see that anonymous login works. Looking at the FTP server, we can also see that it is running within the wwwroot folder:
Knowing where the FTP server resides allows us to upload an .aspx shell and get a reverse shell. We can find an .aspx shell here and change the IP address and port:
https://raw.githubusercontent.com/borjmz/aspx-reverse-shell/master/shell.aspx
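From the defender's side, the condition described above (an FTP root that is also the IIS web root) shows up in the logs as an FTP STOR of a script file followed by an HTTP request for the same path. The following is an added example, not part of the original walkthrough; the log lines are constructed samples, and the field layouts and the function names `parse_w3c` and `find_uploaded_scripts` are assumptions made for illustration.

```python
# Correlate IIS FTP uploads of script files with later HTTP requests for the same path.
# Assumption: the FTP root and the web root are the same folder, so paths match 1:1.
SCRIPT_EXTS = (".aspx", ".asp", ".ashx", ".asmx")

# Constructed sample logs; real field order is taken from each log's #Fields: header.
FTP_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2024-01-01 10:00:05 192.0.2.10 anonymous STOR /notes.txt 226
2024-01-01 10:00:09 192.0.2.10 anonymous STOR /upload1.aspx 226
2024-01-01 10:02:00 192.0.2.77 deploy STOR /pending.aspx 550
"""

HTTP_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-01 10:00:30 GET /iisstart.htm 192.0.2.10 200
2024-01-01 10:00:41 GET /upload1.aspx 192.0.2.10 200
"""


def parse_w3c(text):
    """Yield one dict per record, using the most recent #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def find_uploaded_scripts(ftp_text, http_text):
    """Return script files stored over FTP and who requested them over HTTP afterwards."""
    findings = []
    http = list(parse_w3c(http_text))
    for rec in parse_w3c(ftp_text):
        path = rec["cs-uri-stem"].lower()
        # 226 = transfer complete; failed uploads are ignored
        if rec["cs-method"] != "STOR" or rec["sc-status"] != "226":
            continue
        if not path.endswith(SCRIPT_EXTS):
            continue
        stored_at = rec["date"] + " " + rec["time"]  # ISO order, so strings compare correctly
        hits = [h for h in http if h["cs-uri-stem"].lower() == path
                and h["date"] + " " + h["time"] >= stored_at]
        findings.append({"path": path, "user": rec["cs-username"],
                         "uploader": rec["c-ip"], "stored_at": stored_at,
                         "requested_by": sorted({h["c-ip"] for h in hits})})
    return findings
```

A finding with a non-empty `requested_by` list means an uploaded script was actually executed by IIS; the fix is to remove anonymous write access or move the FTP root out of wwwroot.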
Now let's start up our listener and head over to that page:
Notice above that we get a callback as web. This is great news for us, because anyone belonging to the IIS group on Windows also has Impersonate a Client After Authentication. However, for this box we will not be able to utilize the different potato attacks (at least I could not get them to work). To work around this, we can try to get systeminfo and from there put it into the next-gen Windows exploit suggester, or use Meterpreter. Let's use Meterpreter:
Now that we have a reverse shell, we can look into the exploit suggester:
As shown, there are some exploits that we can try. Let's utilize the schlamperei: