Devel
This is my write-up for the Hack The Box machine called Devel located at: https://app.hackthebox.com/machines/Devel.
Exploitation:
I started off of a nmap scan:
Since HTTP is open, I wanted to see what is offered on it:
This gave me a hint that the machine is running IIS7 as their software. At this time, my deeper nmap scan (nmap -T4 -A -v -p- 10.10.10.5 -oN devel.nmap
) had ended:
From this, I can see that FTP has anonymous login allowed:
Using wget -r ftp://anonymous:@10.10.10.5/
I downloaded all of the files in the folder. I then found the following Metaploit module:
I then was able to get into that directory through FTP, and was able to upload files into it:
I was trying various files to upload, but the one that ended up working was the ASPX file. I created the file by running the following:
I then used Netcat to then get the reverse shell:
At this point, I had a shell, but was not able to read files from the user or the Administrators' folders. I then found this write-up, which clarified what I should be doing. I was supposed to find and run this exploit from exploit-db. I ran the following commands (after I downloaded the exploit):
I was then able to get the root.txt flag:
I then also got the user.txt flag as well:
What I learned:
That I should view the output of systeminfo more closely
The certutil command on Windows
That the user.txt file could be renamed to user.txt.txt
Last updated