# Ice

![](/files/-MdDev4V_TgpZn5n5x-8)

## Recon

Let's run an nmap scan to find open ports and services.

![](/files/-MdDg0OUWa-POqHWH_Iv)

![](/files/-MdDg3lBateP1SCgWSGb)

![Specifying port 8000 as mentioned in the instructions in the room](/files/-MdDhcZKo7DwEi2PyQCg)

The hostname is Dark-PC, as we can see in the nmap scan.

![](/files/-MdDglMnkKKoOahdq93C)

![](/files/-MdDhnu_4fR7u5C96EPH)

## Gain Access

The type of vulnerability can be found on CVE Details.

![](/files/-MdDiTehVz4hVLX7PLmV)

![](/files/-MdDipC4JkGOboZpf_ST)

We will be using Metasploit to gain access to the machine, so let's start Metasploit.

![](/files/-MdDilhDpcIKRht4TiFE)

Let's search for the vulnerability and set the right options.

![](/files/-MdDj86e0_dqjWzLBuBh)

![](/files/-MdDjGb7D3aU6O7W4qgD)

Now let's run the exploit.

![](/files/-MdDjLlMclevt5ujHhwC)

We have a shell on the machine.

![](/files/-MdDjR17XIIMrapJaxHv)

## Escalate

To find out who we are on the machine and information related to the machine, we can use the sysinfo command.

![](/files/-MdDjgsh4aJPT82PRwds)

![](/files/-MdDk2sKZebLvCwXILFz)

Let's run the module that will suggest exploits we can use to escalate to a higher-privileged user on the machine.

![](/files/-MdDkgx6HYB4lV0W4vkk)

Now let's background this session using the command "**background**" and list the active sessions. Then let's select the first exploit we just found and set the session number to the session we just backgrounded using the command "**set session 1**". Now we have to set the right options and run the exploit. Once the command has been run, we can access the machine using the command "**sessions 1**".

![](/files/-MdDmhX_H7sN3dUIbPl2)

Now we are on the machine as a higher-privileged user. We can check this by using the command "**getprivs**".

![](/files/-MdDnB5CfJqKKOc0CkWw)

![](/files/-MdDnTDJfsZJIrlN47dX)

## Looting

Let's now follow the steps in the room.

![](/files/-MdDnuwQrAO4mwG371vf)

![](/files/-MdDoD6NH9WpTYl34ZI4)

![](/files/-MdDoGMh9xHkqlJj8Ukz)

![](/files/-MdDoTXI4uh0bt0OnFTB)

![](/files/-MdDo_AP0GITVUv6t7J1)

## Post-Exploitation

With the help command we can answer the questions in this task.

![](/files/-MdDpdTebqthfzQcKXLS)


