Blaster

Activate Forward Scanners and Launch Proton Torpedoes

Lets run nmap scans to find open ports and the services running on them

Lets check the website

Looks like there is nothing interesting here, lets look for hidden directories and pages with gobuster

Lets look at this directory

We have a possible username Wade.

Lets look at the website and see if we can find anything interesting. Looking around we come around this post

After we click on it, we get to this page

It looks like a password

Now lets try to login through Remote Desktop with the credentials we have. We can use remmina to do this.

We are logged in, lets read the user.txt file

Breaching the Control Room

Lets look for interesting information like what the user what looking at, lets go to Internet Explorer ;-; and look at the history.

We have the CVE number

We need an executable that is necessary for the exploitation of this vulnerability, and we can find this on the desktop

Lets look at this vulnerability closer and use it to get a shell on the machine

First lets look at this executable by clicking it.

Lets go to show more details > Show information about the publisher's certificate

Lets click issued by link, and close the tabs, now lets go to internet explorer and hit Ctrl + s

We have an error, now lets click ok and we see that the file explorer is open, lets open cmd

Now lets check who we are on the system

Lets read the root flag

Adoption into the Collective

Lets follow the steps mentioned in the room

First lets go to our machine and launch metasploit and select the module they provided

Now lets set the target to PSH

Lets set the options

Lets set the payload the run the exploit as a job

Lets select the command and paste it in the terminal of the machine we just exploited

And we should get a meterpreter shell

We can get persistence with this command