We covered HackTheBox Remote machine as part of CREST CRT (Registered Penetration Tester) Track. We demonstrated Umbraco CMS exploitation and more than one path to escalate privileges on Windows.

Remote is an easy difficulty Windows machine that features an Umbraco CMS installation. Credentials are found in a world-readable NFS share. Using these, an authenticated Umbraco CMS exploit is leveraged to gain a foothold. A vulnerable TeamViewer version is identified, from which we can gain a password. This password has been reused with the local administrator account. Using `psexec` with these credentials returns a SYSTEM shell.

Get OSCP Notes

Video Walkthrough

CREST CRT track, CTF Writeups, HackTheBox, HackTheBox Remote

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Windows Privilege Escalation with PowerUp | HackTheBox Remote | CREST CRT Track

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

XML External Entity Injection Demonstration | HTB BountyHunter | CREST CRT Track

Docker Privilege Escalation and SSTI Exploitation | HackTheBox GoodGames

Press ESC to close

Windows Privilege Escalation with PowerUp | HackTheBox Remote | CREST CRT Track

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

XML External Entity Injection Demonstration | HTB BountyHunter | CREST CRT Track

Docker Privilege Escalation and SSTI Exploitation | HackTheBox GoodGames