HackTheBox – Devel (10.10.10.5) – without Metasploit #OSCP Prep 3
TTS Demo
Hello All,
Welcome to my channel.
Hope you are all doing good.
This is 3rd machine on OSCP like HTB machine's list.
TJNull's list : https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#
Summary:
This box is having a ftp insecure configuration which lead us to initial foot-hold.
The FTP's root directory is mapped to the webroot directory and we can read/write in that folder.
We used msfvenom to to generate the aspx shell and got a reverse shell.
For privilege escalation, we used the kernel exploit :
https://www.exploit-db.com/exploits/40564
Please let me know if there are any other vulnerabilities which could have used to exploit and own the machine.
Please subscribe to the channel and leave a like if you like the video otherwise you know what to do.
Thanks for watching the video.
source
Gloss