Hack The Box (Optimum)

By: Nicholas Werner

Starting off with nmap scans.

I see that only port 80 is open and is running HttpFileServer httpd 2.3 (HFS 2.3) so I want to go to the webpage first.

There is a login page here and one link at the bottom (HttpFileServer 2.3) so I click on it.

Now I want to searchsploit rejetto to see if there are any exploits available.

I found this one by Rapid7 which is always great so lets start up Metasploit.

I search rejetto just to make sure that they it matches up with what I just found on Rapid7. I also use the options command to input rhosts and lhost and type exploit.

Awesome I got a meterpreter shell.

Looks like I got the user flag. And now I want to see if I can get system access with another exploit so I background this session to see if I can find another exploit.

I type search suggester to find a post exploit that I can use while already having a meterpreter session.

This exploit didn’t seem to work so I want to reference back to my meterpreter session to see what OS version the machine is running so that I can look for another exploit.

I found that this version is vulnerable to an MS16–032 exploit so I want to search that in Metasploit.

Looks like I found something so I set everything up and type exploit.

Luckily this gets me a meterpreter shell. When I typed getuid I had system access so I knew that all I needed to do was search the directories for the remaining flag.

Commands used:

cd ..

cd ..

dir

cd Administrator

dir

cd Desktop

dir

cat root.txt

Looks like I found the root flag.