Retro is a Windows-based machine. It’s rated as hard. The box itself is a fun box, but some things didn’t work as I wanted, so I had to take another route. I really dislike using kernel exploits, but here I did it because I couldn’t find any other way.
We will start with nmap.
So I ran dirbuster
and also caught a few other things like wp-admin
Started to browse the site and found this
OK, so the first thing that came into my puny little brain was: must be the password of WordPress. So I went back and tried to log in, and tadaaa.
OK, that’s one thing. Remember the RDP session? So I tried that as well
and it actually worked. I was a bit, you know, "is this really how it goes" kind of a thing. Also, the user.txt file was there on the desktop.
In the Recycle Bin I found one file.
When I googled it, I found a link.
But it didn’t work out for me. First of all, when I ran it like in the video, it didn’t give any more options to click,
and also I couldn’t find cmd.exe.
So yeah, it didn’t go as planned. Anyway, from here on I used exploit suggester to check for a kernel exploit. I felt bad doing it, but couldn’t find any other way, so I did it.
https://github.com/SecWiki/windows-kernel-exploits/tree/master/CVE-2017-0213
Used the following link to download the exploit. After downloading it, I set up a Python SimpleHTTPServer to transfer it to the Windows machine and just ran it.
I guess that’s it really. Wasn’t that hard, but yeah, it was good I guess.
You can follow me on Twitter to get the latest updates: https://twitter.com/far3y