HackTheBox | POV

In this walkthrough, I demonstrate how I obtained complete ownership of POV on HackTheBox
HackTheBox | POV

Initial Foothold Hint:

  • Are there any particular input points or buttons on the web page that you can test user input or tamper with URL query parameters?
  • Look at particular words in the URL query parameters and if you're not sure what they are, ask Google how they can be abused

Privilege Escalation Hint:

  • Any interesting files on the file system?
  • What privileges does your new user session have?
  • You might need to use a meterpreter shell to finish the job

Nmap Results

# Nmap 7.94SVN scan initiated Tue Jan 30 16:24:53 2024 as: nmap -Pn -p- -sT --min-rate 5000 -A -oN nmap.txt 10.10.11.251
Nmap scan report for 10.10.11.251
Host is up (0.014s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
80/tcp open  http    Microsoft IIS httpd 10.0
|_http-title: pov.htb
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/10.0
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2019 (88%)
Aggressive OS guesses: Microsoft Windows Server 2019 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   13.98 ms 10.10.14.1
2   14.12 ms 10.10.11.251

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Jan 30 16:25:35 2024 -- 1 IP address (1 host up) scanned in 42.09 seconds

This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.

Read the full story

Sign up now to read the full story and get access to all posts for Pending Publication tier only.

Subscribe
Already have an account? Sign in
0xBEN
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.