OSCP PREPARATIONS – HTB Grandpa

Grandpa is one of the retired machines and runs a vulnerable Windows operating system; the goal is to obtain the user and root flags by using these vulnerabilities.
We perform a network scan with nmap to fingerprint the target machine.
Classic Scan

The port scan showed that port 80/tcp was open, serving http with Microsoft IIS httpd 6.0.
Investigating further, we found that Microsoft IIS httpd 6.0 is vulnerable to a buffer overflow that gives us shell access.

We researched this vulnerability.

We will use the code from https://github.com/crypticdante/CVE-2017-7269.

When we examined the shell we obtained, we realized that it belonged to a low-privileged user, so we performed local enumeration.

Microsoft(R) Windows(R) Server 2003, Standard Edition is in use and SeImpersonatePrivilege seems to be enabled, which suggests the Rotten Potato exploit could apply.
Since there is no PowerShell here, let's try the Churrasco tool. I installed it on the machine using the SMB share and then ran it (if we had PowerShell, we would use the JuicyPotato tool).
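
Added example (not part of the original write-up): the escalation above depends on the web service account holding an enabled SeImpersonatePrivilege. The Python below parses privilege listings, assuming they come from `whoami /priv`, and reports accounts with an enabled token-impersonation privilege, as a defender would when reviewing service accounts; the sample output and the account name are constructed.

```python
# Added example: flag token-impersonation privileges in `whoami /priv` output.
TOKEN_PRIVS = ("SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege")

# Constructed sample in the shape `whoami /priv` prints (not from the target).
SAMPLE = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeAuditPrivilege              Generate security audits                  Disabled
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
"""

def parse_privileges(text):
    """Return {name: (description, state)} from `whoami /priv` output."""
    lines = text.splitlines()
    # The table body starts after the ruler line made only of '=' and spaces.
    ruler = next((i for i, line in enumerate(lines)
                  if "=" in line and set(line) <= {"=", " "}), None)
    if ruler is None:
        raise ValueError("no table ruler found; not `whoami /priv` output")
    privs = {}
    for line in lines[ruler + 1:]:
        fields = line.split()
        if len(fields) < 3:        # blank line or trailer ends the table
            break
        # First token is the name, last is the state, the rest is description.
        privs[fields[0]] = (" ".join(fields[1:-1]), fields[-1])
    return privs

def enabled_token_privileges(text):
    """List the token-impersonation privileges whose state is Enabled."""
    privs = parse_privileges(text)
    return [p for p in TOKEN_PRIVS
            if p in privs and privs[p][1].lower() == "enabled"]

def audit(accounts):
    """Map account -> enabled token privileges, omitting clean accounts."""
    findings = {}
    for account, output in accounts.items():
        hits = enabled_token_privileges(output)
        if hits:
            findings[account] = hits
    return findings

if __name__ == "__main__":
    print(audit({"constructed-service-account": SAMPLE}))
```

Any account reported here that runs a network-facing service is a candidate for privilege review, since a code-execution bug in that service then leads to SYSTEM as shown in this walkthrough.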

Then let's run cmd.exe using the churrasco.exe tool.
As we can see, we now have a session as the user nt authority\system.
Now we can get the user and root flags.
