Background the current session and used post exploitation (post/multi/recon/local_exploit_suggester) MSF module for suggestions related to exploits that can be used for privilege escalation under the context of current machine. Tried privilege escalation using meterpreter getsystem command but it failed. Tried accessing user folders (Harry) to get user flag but access was denied. Low privileged shellĪs user authority was not determined (getuid gave access denied error message) and access was denied, migrated the process to service running under Network Service. Filled in all the required options as follows: exploit optionsĪfter putting in all the options (LHOST, RHOST etc.) executed the exploit and obtained a low level shell. A quick search for IIS 6 showed there is an exploit (exploit/windows/iis/iis_webdav_scstoragepathfromurl) available in Metasploit Framework.
Service detection scan revealed Microsoft IIS httpd 6. Webpage showed as page under construction. To detect services running on these ports and OS scanned using -A option as follows: nmap service and os detection scanīrowsed to the website and found nothing interesting there. Quick scan showed only one open port i.e.
To check the available services, I scanned the machine with nmap scanning all ports and doing a quick scan as follows: nmap quick scan
The purpose of this blog is to document the steps I took to complete hacking task of Grandpa and guide people looking to practice their penetration testing skills.Īfter connecting HTB lab through VPN, I selected the Grandpa (10.10.10.14) retired machine as it was flagged as an easy target.