HackTheBox | Crafty

Initial Foothold Hint:

  • You're going to need a client application for this server
  • Find the version of the server, which CVE is this server vulnerable to?
  • The CVE is quite old by now, but was first discovered in the application running on the server

Privilege Escalation Hint:

  • Decompile the file to find some interesting info
  • How might you be able to use this information to log in as a privileged user?
  • Are the ports needed to log in accessible from the outside?

Nmap Results

# Nmap 7.94SVN scan initiated Mon Feb 12 16:23:27 2024 as: nmap -Pn -p- -sT --min-rate 2000 -A -oN nmap.txt 10.10.11.249
Nmap scan report for 10.10.11.249
Host is up (0.011s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT      STATE SERVICE   VERSION
80/tcp    open  http      Microsoft IIS httpd 10.0
|_http-server-header: Microsoft-IIS/10.0
|_http-title: Did not follow redirect to http://crafty.htb
25565/tcp open  minecraft Minecraft 1.16.5 (Protocol: 127, Message: Crafty Server, Users: 0/100)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2019 (89%)
Aggressive OS guesses: Microsoft Windows Server 2019 (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   10.33 ms 10.10.14.1
2   10.52 ms 10.10.11.249

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Mon Feb 12 16:24:48 2024 -- 1 IP address (1 host up) scanned in 81.07 seconds
Note the HTTP redirect to http://crafty.htb. That hostname will not resolve on its own, so let's add it to our /etc/hosts file:
echo '10.10.11.249        crafty.htb' | sudo tee -a /etc/hosts

This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.