We covered a scenario of a vulnerable Microsoft IIS web server which was leveraged to compromise a host machine. We used a lab scenario HackTheBox Devel, while relatively simple, demonstrates the security risks associated with some default program configurations. It is a beginner-level machine which can be completed using publicly available exploits. The material of this video can be used to prepare for OSCP Certification.

OSCP Certificate Notes

CISSP Study Notes Notes

Initial Scan (Nmap)

The video begins with a scan using Nmap, revealing two open ports: 21 (FTP) and 80 (HTTP).The initial attempt to identify the operating system with Nmap is not accurate, prompting a deeper scan.

FTP Enumeration

The FTP service allows anonymous login, which is recognized as a misconfiguration.After logging in, the user explores the FTP directory using basic commands (ls) to list its contents.

Web Server Enumeration

The user navigates to the IP address associated with port 80, revealing a basic Microsoft IIS webpage, though it doesn’t provide much useful information for exploitation.

FTP File Upload Vulnerability

The next step involves testing the ability to upload files to the FTP server. The user successfully uploads a test file to confirm this functionality.

Creating and Uploading a Payload

The payload is created using Msfvenom (a Metasploit tool), specifying an ASP.NET (ASPX) reverse shell for Windows.

After creating the reverse shell payload, it’s uploaded to the web directory of the server through the FTP connection.

Triggering the Reverse Shell

By navigating to the uploaded payload on the web server, the reverse shell is triggered, and the user gains a limited shell as a service account.

Privilege Escalation

The system information confirms that the machine is running Windows 7 Enterprise.

The user conducts research to find appropriate exploits for this version, ultimately choosing a Windows AFD.sys privilege escalation exploit.

After downloading and executing the exploit, the user escalates privileges to gain SYSTEM access, effectively gaining full control over the machine.

Manual vs. Automated Tools

The video demonstrates how to manually exploit vulnerabilities without using automated frameworks like Metasploit.

However, the user also discusses alternative methods, including tools like WinPEAS (Windows Privilege Escalation Awesome Scripts) for privilege escalation and Metasploit’s Suggestor module to identify matching exploits.

The video highlights the importance of keeping systems updated, noting that the machine’s lack of patches made the exploitation process straightforward

Video Walkthrough | HackTheBox Devel

, , , ,
Show Comments

The MasterMinds Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles