Hack The Box: Grandpa

HackTheBox

Box: Grandpa

IP: 10.10.10.14

Let’s run an nmap scan and see what is running on the target.

It looks like HTTP is open, so let’s browse to the machine and see if anything is there.

It doesn’t look like there is anything.

Let’s run DirBuster and see if there are any hidden directories.

While that’s running let’s look for exploits for Microsoft IIS httpd 6.0.

Let’s see what the options are in Metasploit.

Run the exploit and we get a shell!

If we run some commands, we see that we are not running as NT Authority\System.

Let’s see what processes are running on the machine using ps.

We see that three of them are running as NT Authority\Network Service, so let’s try to migrate our current session into one of them to get more permissions on the system.

Next, let’s background the session and use the exploit_suggester to get NT Authority\System.

Run the suggester and we see a list of possible exploits.

Let’s try the first one, ms10_015_kitrap0d.

Let’s see the exploit options.

Run the exploit and we will get NT Authority\System.

Written on May 15, 2021