Blaster
Activate Forward Scanners and Launch Proton Torpedoes
Lets run nmap scans to find open ports and the services running on them
Lets check the website
Looks like there is nothing interesting here, lets look for hidden directories and pages with gobuster
Lets look at this directory
We have a possible username Wade.
Lets look at the website and see if we can find anything interesting. Looking around we come around this post
After we click on it, we get to this page
It looks like a password
Now lets try to login through Remote Desktop with the credentials we have. We can use remmina to do this.
We are logged in, lets read the user.txt file
Breaching the Control Room
Lets look for interesting information like what the user what looking at, lets go to Internet Explorer ;-; and look at the history.
We have the CVE number
We need an executable that is necessary for the exploitation of this vulnerability, and we can find this on the desktop
Lets look at this vulnerability closer and use it to get a shell on the machine
First lets look at this executable by clicking it.
Lets go to show more details > Show information about the publisher's certificate
Lets click issued by link, and close the tabs, now lets go to internet explorer and hit Ctrl + s
We have an error, now lets click ok and we see that the file explorer is open, lets open cmd
Now lets check who we are on the system
Lets read the root flag
Adoption into the Collective
Lets follow the steps mentioned in the room
First lets go to our machine and launch metasploit and select the module they provided
Now lets set the target to PSH
Lets set the options
Lets set the payload the run the exploit as a job
Lets select the command and paste it in the terminal of the machine we just exploited
And we should get a meterpreter shell
We can get persistence with this command
Last updated