Artic machine is a vulnerable machine with Windows operating system among retired machines and it is expected to obtain user and root flags using these vulnerabilities.
We perform a network scan with nmap to recognize the target machine.
Classic scan

Full port scan

As a result of port scanning, 135/tcp msrpc Microsoft Windows RPC, 8500/tcp fmtp?, 49154/tcp ports were found to be open.
Let’s provide enumeration on the 8500 fmtp port, we go here via browser

We encountered two directories in CFIDE cfdocs.
We have enumerated the directories. We continue with the administrator/ directory on the CFIDE/ directory.

Here we encounter the ColdFusion admin panel.

Here we tried default passwords, we tried the generally used passwords, but we were not successful. We investigated whether there is a vulnerability related to this.

We download and modify this code and then run it

After making the arrangements here, we run our code.

That’s how we bought shell.

But when I try to go to the administrator directory it won’t let me. Therefore I provide local enumeration.

With the systeminfo information I obtained, I query the Windows-Exploit-Suggester tool to see if there is a vulnerability or not.

Again we found a few vulnerabilities, the most useful for privilege escalation are kernel vulnerabilities. I’ll start with these
Ms10-059 vulnerability kernel vulnerability, let’s see if there is a googlda github exploit

We download this tool from Github.
Then transfer it to the target machine with smbshrae.py.

We transferred Chimichurri.exe to the target machine.
We then tried to run this tool

Chimichurri.exe ipaddress port usage was like this. So we opened revershell in the back and listened.

In this way, we got the shell, when we checked the shell authorizations, we saw that it was in the systeö user, so we got our root flag.


  1. Suivre Téléphone

    Vous pouvez utiliser un logiciel de gestion des parents pour guider et surveiller le comportement des enfants sur Internet. Avec l’aide des 10 logiciels de gestion parentale les plus intelligents suivants, vous pouvez suivre l’historique des appels de votre enfant, l’historique de navigation, l’accès au contenu dangereux, les applications qu’il installe, etc.

  2. sklep

    Wow, awesome blog structure! How long have you been blogging for?
    you make running a blog look easy. The entire look
    of your website is great, let alone the content material!
    You can see similar here sklep online

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir