HackTheBox | POV
Initial Foothold Hint:
- Are there any particular input points or buttons on the web page where you can test user input or tamper with URL query parameters?
- Look at particular words in the URL query parameters and if you're not sure what they are, ask Google how they can be abused
Privilege Escalation Hint:
- Any interesting files on the file system?
- What privileges does your new user session have?
- You might need to use a meterpreter shell to finish the job
Nmap Results
# Nmap 7.94SVN scan initiated Tue Jan 30 16:24:53 2024 as: nmap -Pn -p- -sT --min-rate 5000 -A -oN nmap.txt 10.10.11.251
Nmap scan report for 10.10.11.251
Host is up (0.014s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 10.0
|_http-title: pov.htb
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/10.0
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2019 (88%)
Aggressive OS guesses: Microsoft Windows Server 2019 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 13.98 ms 10.10.14.1
2 14.12 ms 10.10.11.251
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Tue Jan 30 16:25:35 2024 -- 1 IP address (1 host up) scanned in 42.09 seconds
⛔ This box is still active on HackTheBox. Once retired, this article will be published for public access as per HackTheBox's policy on publishing content from their platform.