Blaster

Activate Forward Scanners and Launch Proton Torpedoes
Lets run nmap scans to find open ports and the services running on them



Lets check the website


Looks like there is nothing interesting here, lets look for hidden directories and pages with gobuster


Lets look at this directory

We have a possible username Wade.

Lets look at the website and see if we can find anything interesting. Looking around we come around this post

After we click on it, we get to this page

It looks like a password

Now lets try to login through Remote Desktop with the credentials we have. We can use remmina to do this.



We are logged in, lets read the user.txt file

Breaching the Control Room
Lets look for interesting information like what the user what looking at, lets go to Internet Explorer ;-; and look at the history.

We have the CVE number

We need an executable that is necessary for the exploitation of this vulnerability, and we can find this on the desktop


Lets look at this vulnerability closer and use it to get a shell on the machine
First lets look at this executable by clicking it.

Lets go to show more details > Show information about the publisher's certificate

Lets click issued by link, and close the tabs, now lets go to internet explorer and hit Ctrl + s

We have an error, now lets click ok and we see that the file explorer is open, lets open cmd

Now lets check who we are on the system


Lets read the root flag

Adoption into the Collective
Lets follow the steps mentioned in the room
First lets go to our machine and launch metasploit and select the module they provided


Now lets set the target to PSH


Lets set the options

Lets set the payload the run the exploit as a job


Lets select the command and paste it in the terminal of the machine we just exploited

And we should get a meterpreter shell

We can get persistence with this command

Last updated
Was this helpful?