In this video Walkthrough, we used one of the lab machines in cyberseclabs that goes by COLD. We demonstrated both manual application of exploits on Adobe ColdFusion and automatic with Metasploit.

Cold from CyberSecLabs is a beginner level Windows box with a remote service exploit, that shows the importance of initial enumeration and directory discovery. After gaining initial access we’ll again abuse a service to elevate our privilege.

Get OSCP Certificate Notes

Windows Privilege Escalation Techniques Course

Highlights

We start with information gathering and nmap scanning. Here we’ve used a simple nmap with the -sV switch to enable Service Enumeration.

Then for web scanning and enumeration we used Nikto Web Vulnerability Scanner. Nikto  is a free open source web server scanner, which scans a target website against 6000+ tests. Including scans for vulnerabilities, mis-configurations, out-dated versions, and much more.

After gaining access to the Adobe ColdFusion web interface, we used Searchsploit to quickly see what exploits are available for ColdFusion.

Then with the help of Metasploit, we use the module exploit(multi/http/coldfusion_chkeditor_file_upload) and set the required parameters.

After gaining initial foothold to the Windows machine, we start the Windows privilege escalation process using PEASS – Privilege Escalation Awesome Scripts SUITE. You can get it here

Video Walkthrough