Skip to content

TryHackMe – Retro writeup without Metasploit

Retro is a Windows based machine. Its rated as hard. This box itself is a fun box but somethings didn’t work as I wanted so had to take another route. I really dislike using kernel exploits but in here I did it because I couldn’t find any other way.

we will start with nmap

So I ran dirbuster

and also caught few other stuff like wp-admin

Started to browse the site and found this

Ok so the first thing that in to my puny little brain was. Must be the password of wordpress. So I went back and tried to login and tadaaa

Ok that’s one thing. Remember the RDP session so I tried as well

and it actually worked. I was a bit you know is this really how it goes kind of a thing. Then also in the desktop user.txt file was there.

In the Recycle bin found one file

when I googled about it. Found a link

But it didn’t work out for me. First of all when I ran it like the video it game any more options to click.

and also I couldn’t find cmd.exe

So yea didn’t go as planned. Anyway I used exploit suggester from here on to check for a kernel exploit. I felt bad doing it but couldn’t find any other way so did it.

https://github.com/SecWiki/windows-kernel-exploits/tree/master/CVE-2017-0213

Used the following link to download the exploit. After downloading it I have setup python simepleHTTP server to transfer it to the windows machine. and just ran it.

I guess that’s it really. Wasn’t that hard but yea was good I guess.

You can follow me on twitter to get the latest updates https://twitter.com/far3y

Published inoffensive pathOSCPtryhackme

Be First to Comment

Leave a Reply

Your email address will not be published.

%d bloggers like this: