HackTheBox: Devel - Writeup
15/05/2019 17:20 | htb
HackTheBox: Devel was an easy machine to root. It involved using basic enumeration techniques to get root access.
1.1 - Scanning
I first started by doing a port scan of Devel (10.10.10.5).
The first thing that the port scan reveals is an open FTP port that allows anonymous login, with access to the file system.
1.2 - Exploring FTP anonymous
Logging in to FTP as anonymous:
Once accessed, the first thing to do was to look for commands that can be used:
Some useful commands are cd for navigation and put for uploading files. A reverse shell could possibly be uploaded. A test file is uploaded with put. A test can be done to see if the file can be uploaded and accessed:
The file is successfully uploaded and can be accessed via the website by
2.1 - Exploitation
Now that files can be uploaded and accessed remotely, a reverse shell can be generated and uploaded.
nmap revealed that the web server is running IIS, which means that the server is probably using asp files. An asp reverse shell can be generated with msfvenom:
The generated payload can be uploaded via ftp:
Now that the shell is uploaded and the multi/handler is ready, the shell is ready to be accessed via the web server:
Success! A connection is made and a reverse shell is open:
user.txt can then be retrieved by navigating to the users directory to retrieve the
3.1 - Post Exploitation
The meterpreter session is put in the background and local exploit suggester is used to find possible local exploits:
ms13_053, one of the exploits found above, exploits the system and gives me system access.
The root flag can now be retrieved:
Success! This was a really easy machine to do with basic enumeration techniques required for both user and root.
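From the defender's side, the path used in 1.2 and 2.1 (an anonymous FTP upload of a script file, followed by an HTTP request for that same file) leaves a trace in both the FTP log and the web log. The following is an added example, not part of the original writeup, that correlates the two. The log lines and file names are constructed, the reduced W3C field set and the anonymous user name are assumptions, and it assumes the FTP root maps to the web root as it does on this machine.

```python
from datetime import datetime, timedelta

SCRIPT_EXT = (".asp", ".aspx", ".ashx", ".asmx")  # extensions IIS will execute

# Constructed sample logs (W3C extended format, reduced field set; not from the writeup).
FTP_LOG = """#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2019-05-15 16:02:11 192.0.2.10 anonymous STOR /test.html 226
2019-05-15 16:09:40 192.0.2.10 anonymous STOR /report.aspx 226
2019-05-15 16:12:03 192.0.2.44 alice STOR /default.aspx 226
"""
WEB_LOG = """#Fields: date time c-ip cs-method cs-uri-stem sc-status
2019-05-15 16:02:30 192.0.2.10 GET /test.html 200
2019-05-15 16:10:05 192.0.2.10 GET /report.aspx 200
2019-05-15 16:13:00 192.0.2.44 GET /default.aspx 200
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split()))
            rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"],
                                          "%Y-%m-%d %H:%M:%S")
            yield rec

def find_upload_then_execute(ftp_text, web_text, window=timedelta(hours=1)):
    """Anonymous STOR of a script file, then an HTTP 200 for the same path."""
    uploads = [r for r in parse_w3c(ftp_text)
               if r["cs-method"] == "STOR" and r["sc-status"] == "226"
               and r["cs-username"].lower() == "anonymous"
               and r["cs-uri-stem"].lower().endswith(SCRIPT_EXT)]
    alerts = []
    for hit in parse_w3c(web_text):
        for up in uploads:
            same_path = hit["cs-uri-stem"].lower() == up["cs-uri-stem"].lower()
            in_window = timedelta(0) <= hit["ts"] - up["ts"] <= window
            if same_path and in_window and hit["sc-status"] == "200":
                alerts.append((up["cs-uri-stem"], up["c-ip"],
                               hit["c-ip"], str(hit["ts"])))
    return alerts

if __name__ == "__main__":
    for alert in find_upload_then_execute(FTP_LOG, WEB_LOG):
        print("ALERT anonymous upload then request:", alert)
```

The underlying fix is configuration: disable anonymous FTP, or at least remove its write permission on any directory the web server serves and executes scripts from.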