Skip to content

Hack The Box — Bounty Writeup without Metasploit

Before we begin I would like to stay it took me more than 3 hours to figure out how to do privilege escalation. Don’t criticize I’m a noob. so now lets start with nmap. Auturecon for some unknown reason didn’t run gobuster. So in the end decided to run dirbuster which is a also another very cool tool

Alright so after seeing the great and wise IIS had to have look at what its hosting.

Merlins beard. So we found merlin. let’s try to kill him and the only way to do it would be to become a warlock. Time to bruteforce merlin

There was no name but opened in browser

ok so after checking which extensions are allowed and also found an rce. you can read about it from this link

And also need a powershell script to execute a shell. You can get it from here

https://gist.github.com/egre55/c058744a4240af6515eb32b2d33fbed3

I think you will get the idea once you read those two links if not here is a screenshot

So now upload the web.config file. Successss! we got a shell

Now the hard part. Privilege escalation. Got the systeminfo tried windows exploit suggester. Tried a lot of things which didn’t work or Im too dump to make it work.

So in the end this kernel exploit worked. As you can see I have uploaded there quite a bit of exploit’s from here and there. But I need to remember something. I’m pretty sure that there isn’t any kernel exploits in the OSCP exam. So I will try to find some other ways starting from now. But in case I get lazy, Yes I will go after the kernel exploit.

Published inHackinghacktheboxOSCP

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *