HackTheBox: Devel - FTP Upload to IIS & Kernel Exploit Privesc
Introduction Devel is a Windows machine on HackTheBox that demonstrates a classic attack chain: anonymous FTP access to a web server’s root directory, allowing us to upload a malicious web shell. We then exploit an unpatched Windows 7 system using a kernel vulnerability to gain SYSTEM privileges. Difficulty: Easy OS: Windows Skills: FTP enumeration, web shell upload, Windows kernel exploitation Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/devel 10.129.2.19 Port Service Version 21 FTP Microsoft ftpd 80 HTTP Microsoft IIS 7.5 Key finding from Nmap: ...