Hack The Box (Optimum)
By: Nicholas Werner
Starting off with nmap scans.
I see that only port 80 is open and is running HttpFileServer httpd 2.3 (HFS 2.3) so I want to go to the webpage first.
There is a login page here and one link at the bottom (HttpFileServer 2.3) so I click on it.
Now I want to searchsploit rejetto to see if there are any exploits available.
I found this one by Rapid7, which is always great, so let's start up Metasploit.
I search rejetto just to make sure that it matches up with what I just found on Rapid7. I also use the options command to input rhosts and lhost and type exploit.
Awesome, I got a meterpreter shell.
Looks like I got the user flag. And now I want to see if I can get system access with another exploit so I background this session to see if I can find another exploit.
I type search suggester to find a post exploit that I can use while already having a meterpreter session.
This exploit didn’t seem to work so I want to reference back to my meterpreter session to see what OS version the machine is running so that I can look for another exploit.
I found that this version is vulnerable to an MS16-032 exploit so I want to search that in Metasploit.
Looks like I found something so I set everything up and type exploit.
Luckily this gets me a meterpreter shell. When I typed getuid I had system access so I knew that all I needed to do was search the directories for the remaining flag.
Commands used:
cd ..
cd ..
dir
cd Administrator
dir
cd Desktop
dir
cat root.txt
Looks like I found the root flag.