Windows Privilege Escalation with PowerUp

We covered HackTheBox Remote machine as part of CREST CRT (Registered Penetration Tester) Track. We demonstrated Umbraco CMS exploitation and more than one path to escalate privileges on Windows.

Remote is an easy difficulty Windows machine that features an Umbraco CMS installation. Credentials are found in a world-readable NFS share. Using these, an authenticated Umbraco CMS exploit is leveraged to gain a foothold. A vulnerable TeamViewer version is identified, from which we can gain a password. This password has been reused with the local administrator account. Using `psexec` with these credentials returns a SYSTEM shell.

Get OSCP Notes

Video Walkthrough

CREST CRT track, CTF Writeups, HackTheBox, HackTheBox Remote

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Windows Privilege Escalation with PowerUp | HackTheBox Remote | CREST CRT Track

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Press ESC to close

Windows Privilege Escalation with PowerUp | HackTheBox Remote | CREST CRT Track

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

Learn Windows Command Line Basics | TryHackMe Walkthrough

OffSec Proving Grounds: Crane Walkthrough | OSCP Prep

HackTheBox Spookypass Challenge Writeup