Optimum HTB

Always start with a ping to verify the connection and then start a nmap scan
nothing in return
Something to note lets include -p- in our scan so that way we scan all ports. We know port 80 is a website running so lets go there
we have a login page and server information at the bottom
What I did since I seen this was a dead end was went back to the nmap scan and googled the version of Http and found an exploit on google
Found the rejetto_hfs_exe exploit and started to configure the options
One thing to note we can’t do the sudo -l that we learned in the previous lesson
we also found 3 exploits for priv esc
second one didn’t work
the last one worked. but from here you are in the 2nd shell, just navigate to the admin profile and grab the flag
I somehow lost the session and cant get it back session won’t recreate
Went back to the regular user credentials and googled the OS for an privilege escalation.
configure the options
navigate to the root.txt file

--

--

--

eJPT | Sec+ | Cyber Security Enthusiast. I plan on obtaining the ecpptv2 and OSCP in 2021. Just documenting my experience of becoming a pentester along the way.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Akash Kolte

19 April 2021 Welcome to the Jawahar Lalla Blogs Page.@jawaharlalla.

Crescent Moon And Dots Temporary Tattoo (Set of 3)

Very good and innoative products and well explained....cheers

8 Warning Signs That a Stroke Is Coming On–Look for Little Things, Like Sudden Loss of Balance

This is my first story. I bet you love it! Wait to see what’s coming…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Allen

Allen

eJPT | Sec+ | Cyber Security Enthusiast. I plan on obtaining the ecpptv2 and OSCP in 2021. Just documenting my experience of becoming a pentester along the way.

More from Medium

Repair of Alzheimer’s disease and stroke with stem cell therapy

CS371p Spring 2022: Santi Dasari: Final Entry

How to reset a warrior to level 1

Clay, Paper, Foam