This is yet another blog post on the machine Optimum from Hack The Box. It is a retired Windows-based machine with the IP address 10.10.10.8.
The first step is reconnaissance, which helps identify the open ports that can be exploited.
Here port 80 was open and was running HTTPFileServer, version 2.3.
Then we try searching for the exploit online.
To our surprise, there is ready-made exploit code for this vulnerability that can be run from the console.
So we start msfconsole.
Then, based on what we learned from the exploit search, we set the options for it and run the exploit.
Here we get the meterpreter shell.
Checking the present working directory shows that we are on the Kostas Desktop, so Kostas is likely the user, and listing the files there gives us user.txt.txt.
So, we now have the first flag of the machine.
We then try performing privilege escalation. For this, the current session is sent to the background using the background command in the shell.
We then check the exploit suggestions and use them accordingly.
Then we run the post-exploitation enumeration script Sherlock.ps1, which is available for download on GitHub and finds missing software patches for local privilege escalation vulnerabilities.
We first load PowerShell, and the rest is imported from the downloads.
This lists the missing patches, and we find that the machine is vulnerable to MS16-032 and that privilege escalation is possible with it.
So we find the exploit for the MS16-032 vulnerability and set the payload and the other options.
Checking whether we can get in as the administrator, we find that we finally can.
Navigating through the folders, we are finally able to get the root.txt file and thus the machine is rooted.