Kernel-Exploit

Introduction Devel is a Windows machine on HackTheBox that demonstrates a classic attack chain: anonymous FTP access to a web server’s root directory, allowing us to upload a malicious web shell. We then exploit an unpatched Windows 7 system using a kernel vulnerability to gain SYSTEM privileges. Difficulty: Easy OS: Windows Skills: FTP enumeration, web shell upload, Windows kernel exploitation Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/devel 10.129.2.19 Port Service Version 21 FTP Microsoft ftpd 80 HTTP Microsoft IIS 7.5 Key finding from Nmap: ...

Introduction Optimum is a Windows machine on HackTheBox that features a vulnerable HttpFileServer application and privilege escalation through kernel exploitation. This box teaches the importance of checking software versions and using enumeration tools to find the right kernel exploit. Difficulty: Easy OS: Windows Skills: Version-based exploitation, kernel exploit enumeration, Windows privilege escalation Reconnaissance Nmap Scan nmap -sC -sV -oN nmap/optimum 10.129.2.30 Port Service Version 80 HTTP HttpFileServer 2.3 Only one port open running HFS 2.3 (HttpFileServer). When we see specific software with version numbers, we immediately check for known exploits. ...