It was a great machine from hackthebox.It had only two ports open.And after testing the website got an error and got a CVE related to it .Rest was easy .For privilege escalation linpeas was enough.
Steps Involved 1-Port Scan 2-Enumerating Website 3-Exploiting Gym Management Software 1.0 4-Getting Web-shell 5-Getting full shell and user.txt 6-Privilege Escalation 7-Exploiting Cloudme.exe 8-Getting root flag Port Scan ┌─[[email protected]]─[~/Desktop/hackthebox/buff] └──╼ $cat nmap Nmap 7.80 scan initiated Fri Aug 7 23:10:59 2020 as: nmap -Pn -sC -sV -v -oN nmap 10.10.10.198 Nmap scan report for 10.10.10.198 Host … Read more
