Introduction

This video is a step-by-step tutorial on exploiting the Optimum machine from Hack The Box (HTB). The instructor demonstrates how to identify vulnerabilities and exploit them to gain unauthorized access and escalate privileges on a Windows Server 2012 machine.

HackTheBox Optimum Description

Optimum is a beginner-level machine which mainly focuses on enumeration of services with known exploits. Both exploits are easy to obtain and have associated Metasploit modules, making this machine fairly simple to complete.

1. Introduction to the Machine

  • The target is a Windows Server 2012 machine named Optimum from Hack The Box.
  • The difficulty level is described as medium.
  • The instructor emphasizes exploring different approaches rather than sticking to a single method.

2. Initial Reconnaissance

  • An Nmap scan reveals that only port 80 (HTTP) is open, running an HTTP File Server (HFS) 2.3.
  • The instructor accesses the web interface, which resembles a simplified file-sharing service like Dropbox or Google Drive.
  • The goal is to find vulnerabilities arising from the outdated server version.

3. Finding an Exploit

  • A search using SearchSploit reveals multiple exploits for HFS 2.3.
  • The instructor selects a Remote Code Execution (RCE) exploit in Python.
  • The exploit requires setting up a reverse shell connection back to the attacker.

4. Setting Up the Attack Environment

  • The Python exploit is downloaded and modified to use the attacker’s IP and port 443 for the reverse shell.
  • Tools like Netcat and a Python HTTP server are set up to serve payloads and listen for incoming connections.
  • The instructor configures the exploit to pull Netcat onto the target machine for executing commands.

5. Exploiting HFS for Remote Access

  • After troubleshooting port configuration, the exploit successfully delivers a reverse shell.
  • The instructor gains access as the user kostas on the Windows system.
  • A note is made about the limited privileges of this user.

6. Privilege Escalation

  • The instructor runs whoami /priv to check available privileges and confirms restricted access.
  • The tool Windows Exploit Suggester is used to identify missing patches and vulnerabilities.
  • System information is collected using systeminfo and fed into the tool to suggest privilege escalation exploits.
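
From the defender's side, the same systeminfo output can be audited against a patch baseline before anyone else does it. The following is an added example, not code from the video or from Windows Exploit Suggester; the host name, KB numbers and the REQUIRED_KBS baseline are constructed placeholders.

```python
import re

# Constructed sample of `systeminfo` output; host name and KB numbers are placeholders.
SAMPLE_SYSTEMINFO = """\
Host Name:                 EXAMPLE-HOST
OS Name:                   Microsoft Windows Server 2012 Standard
OS Version:                6.2.9200 N/A Build 9200
System Type:               x64-based PC
Hotfix(s):                 2 Hotfix(s) Installed.
                           [01]: KB0000001
                           [02]: KB0000002
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""

# Hypothetical baseline: KBs your patch policy requires for this OS build.
REQUIRED_KBS = {"KB0000001", "KB0000003"}

def parse_systeminfo(text):
    """Return (os_name, set of installed KB ids) from systeminfo text."""
    os_name = None
    hotfixes = set()
    in_hotfix_block = False
    for line in text.splitlines():
        if line.startswith("OS Name:"):
            os_name = line.split(":", 1)[1].strip()
        if line.startswith("Hotfix(s):"):
            in_hotfix_block = True
            continue
        if in_hotfix_block:
            # Only indented "[NN]: KBnnnn" lines belong to the hotfix list.
            m = re.match(r"\s+\[\d+\]:\s+(KB\d+)\s*$", line, re.IGNORECASE)
            if m:
                hotfixes.add(m.group(1).upper())
            else:
                in_hotfix_block = False  # first non-entry line ends the block
    return os_name, hotfixes

def missing_patches(text, required):
    """Return sorted KB ids that are required but not installed."""
    _, installed = parse_systeminfo(text)
    return sorted(kb.upper() for kb in required if kb.upper() not in installed)

if __name__ == "__main__":
    os_name, installed = parse_systeminfo(SAMPLE_SYSTEMINFO)
    print(os_name, sorted(installed))
    print("Missing:", missing_patches(SAMPLE_SYSTEMINFO, REQUIRED_KBS))
```

The parser stops at the first line after the hotfix list, so the identically formatted "[01]:" entries under Network Card(s) are not mistaken for patches.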

7. Exploiting Privilege Escalation Vulnerabilities

  • Multiple privilege escalation exploits are identified.
  • One selected exploit targets a missing Windows patch for elevation of privilege.
  • The exploit binary is downloaded, renamed, and prepared for execution on the target machine.

8. Preparing and Executing the Exploit

  • A Python web server is launched to deliver the exploit to the target.
  • The instructor checks if the user has the necessary permissions to write files in the target directory.
  • The next step involves executing the downloaded exploit to escalate privileges to SYSTEM.

Key Learning Points

  1. Reconnaissance: Identify open ports and services using tools like Nmap.
  2. Vulnerability Research: Use tools like SearchSploit to find matching exploits for vulnerable services.
  3. Exploit Execution: Customize and run exploits, handle payload delivery, and troubleshoot issues.
  4. Privilege Escalation: Gather system information and use specialized tools to suggest and execute privilege escalation attacks.
  5. Post-Exploitation: Gain administrative control over the machine for full access.

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.