DEVEL (10.10.10.5) HackTheBox Walkthrough (HTB)

Today we’re going to solve the retired HackTheBox machine DEVEL.

Devel is a Windows machine.

Now, without wasting much time on theory, let’s get hands-on.

Step 1: nmap scan
nmap -sC -sV -vv 10.10.10.5

So only 2 ports are open: 21 and 80.

The IIS home page is on port 80.

Port 21 allows anonymous login.

Now we can upload any file to the directory using the put command.

Through this FTP service we will upload a reverse ASPX shell and get a reverse shell.

First set up a netcat listener on whatever port you like. I am using 5578 here.

Then, using Insomniashell.aspx, let’s get a reverse shell.

Let’s go back to our listener.

Okay, so we have our shell.

Now let’s get some details about the Windows machine.

For this, use the “systeminfo” command.

Now, let’s see what privileges our shell has.

Now we need privilege escalation to get complete hold of the machine.

From the systeminfo output above, we know that the OS version is 6.1.7600 N/A Build 7600.

Let’s search for some exploit for this OS version.

A quick search will give you the exploit.

Download the exploit; it will be a “.c” file.

Now we need to cross-compile it to an exe so it can execute on the machine.

For that we need mingw.

If you have it already, cool. Otherwise, you can install it with a very simple command.

apt install mingw-w64

Now, let’s compile the C exploit into an executable that runs on our compromised machine.

i686-w64-mingw32-gcc 40564.c -o newshell.exe -lws2_32

Now let’s send the file to the machine, again using FTP.

Cool, now the execution part.

Now go get the flag.
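
Both uploads in this walkthrough (Insomniashell.aspx and newshell.exe) went through the FTP service, so they show up in its log. As an added example, not part of the original post, this Python sketch flags successful FTP writes or renames that end in a server-executable extension; the W3C field set, the extension list and the sample log lines are constructed assumptions.

```python
import os

# Extensions IIS would execute, or binaries staged for later use (assumed list).
RISKY_EXT = {".aspx", ".asp", ".ashx", ".asmx", ".config", ".exe", ".dll"}
# FTP commands that create a file name, with the reply code that means success.
WRITE_OK = {"STOR": "226", "APPE": "226", "STOU": "226", "RNTO": "250"}

# Constructed sample log (W3C extended format; the field set is an assumption).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 192.0.2.10 - 10.10.10.5 21 USER anonymous 331
2024-01-01 10:00:02 192.0.2.10 anonymous 10.10.10.5 21 PASS *** 230
2024-01-01 10:00:09 192.0.2.10 anonymous 10.10.10.5 21 STOR /Insomniashell.aspx 226
2024-01-01 10:01:30 192.0.2.10 anonymous 10.10.10.5 21 STOR /notes.txt 226
2024-01-01 10:01:41 192.0.2.10 anonymous 10.10.10.5 21 RNFR /notes.txt 350
2024-01-01 10:01:42 192.0.2.10 anonymous 10.10.10.5 21 RNTO /notes.ASPX 250
2024-01-01 10:07:44 192.0.2.10 anonymous 10.10.10.5 21 STOR /newshell.exe 226
2024-01-01 10:09:12 192.0.2.10 anonymous 10.10.10.5 21 STOR /blocked.aspx 550
"""

def parse_w3c(text):
    """Yield one dict per data line, keyed by the latest #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def risky_uploads(text, risky_ext=RISKY_EXT):
    """Return successful uploads or renames that end in a risky extension."""
    hits = []
    for row in parse_w3c(text):
        method = row.get("cs-method", "").upper()
        if method not in WRITE_OK or row.get("sc-status") != WRITE_OK[method]:
            continue  # not a write command, or the server refused it
        path = row.get("cs-uri-stem", "")
        if os.path.splitext(path.lower())[1] in risky_ext:
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         method, path))
    return hits

if __name__ == "__main__":
    for hit in risky_uploads(SAMPLE_LOG):
        print("ALERT executable content written over FTP:", *hit)
```

The RNTO case covers a file uploaded under a harmless extension and renamed afterwards, which a STOR-only rule would miss.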

Security researcher, Blogger, Bug Bounty hunter
