Hack The Box — Optimum

Hey folks, today we have an interesting machine from HackTheBox, “Optimum”. In this machine we will learn about a new, useful tool for CVE scanning. First, let’s get to know more about our machine.

Ok let’s get started…

Nmap Scan

As at the start of every machine, we will scan the target for open ports, the services running on them, OS detection, and any other information we need to know.

The results show that there’s one open port, 80, with one service running on it, HttpFileServer 2.3, so we will take this as our entry point and search for any vulnerability in this service using Google or searchsploit.

So now we have an exploit from Rapid7 that works with Metasploit. You can also use this code from GitHub to hack it without Metasploit, but you need to edit it.

We will use Metasploit to hack this service, so we will search Metasploit for this keyword as follows:

Nice, we have one here. Let’s try it by typing use 0 and then show options, set the machine IP in RHOSTS and your local IP in LHOST, and finally type run to start the attack.

As you can see, it worked and opened a new meterpreter session, but it seems that we’re not root, so let’s get the user flag first.

Good, now we have the user flag. Let’s try to get the root flag from the Administrator directory.

Unfortunately, we don’t have access to this directory, so let’s think about how to exploit a privilege escalation vulnerability. To do that we need to do 2 things:

  1. Get the system info from systeminfo
  2. Try to search for the CVEs available for this info

As you can see now we have the system information, let’s jump to the next step.

I searched more and more for a privilege escalation vulnerability matching this info, but unfortunately nothing was returned, so I discovered a wonderful tool which scans the machine for CVEs and returns the results to me. The tool’s name is Windows-Exploit-Suggester, and it needs the systeminfo data in .txt format, as follows:

and then run the tool

then the results will be like this

Of all the exploits available for this machine, we will use one which will help us in the escalation process, ms16-032. You will find it in Metasploit.

But before using it, you should put the meterpreter session in the background by typing background.

Now you can search for the exploit and use it, then type show options and set SESSION 1, since you have session 1,

and then run. You will get a new shell with root privileges.

Congrats ❤

Stay in touch

LinkedIn | GitHub | Twitter

Thank you ❤

Eslam Akl

Penetration Tester, Bug Hunter, Author of 10 CVEs, Author of multiple security tools, and more :) You can find me on Twitter @eslam3kll