HTB – Devel – no metasploit

This is the first nmap scan.

After this I open Sparta for automatic reconnaissance. In this case the machine has port 80 open, so Nikto will be launched by Sparta.

On port 80 there's the default IIS 7 page.

The server version is IIS 7.5.
Nmap discovered port 21 open.

Sparta discovered an FTP server with anonymous access:

So I tried to log on with an FTP client and test a directory listing.

Let's try to upload something with the FTP server.
Create a new payload with msfvenom.

Upload is allowed.

Create a handler in msfconsole (allowed on OSCP!)



And we have a successful exploit.

meterpreter is running as

Find an exploit suitable for this environment.

I’ve found an exploit suitable for this machine

https://github.com/abatchy17/WindowsExploits/blob/master/MS11-046/40564.c

I downloaded and compiled it on my Kali machine. This is the command:

i686-w64-mingw32-gcc exploit.c -o exploit.exe -lws2_32

After this, upload the exploit.exe file to the machine. Use the FTP server in binary mode for the transfer.
After this, simply run the command from the meterpreter shell and…
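
From the defender's side, the anonymous FTP uploads used in this walkthrough are visible in the FTP server's logs. The following is an added example, not part of the original post: it flags successful STOR commands in anonymous sessions. The log lines are constructed, and the field layout and the extension watch list are assumptions modelled on IIS FTP W3C logging.

```python
# Added example (not from the original post): flag successful uploads made
# in anonymous FTP sessions. SAMPLE_LOG is constructed; the field layout is
# an assumption modelled on IIS FTP W3C logging (check your own #Fields line).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status x-session
2024-01-10 09:00:01 10.0.0.5 - 10.0.0.20 21 USER anonymous 331 s1
2024-01-10 09:00:01 10.0.0.5 - 10.0.0.20 21 PASS *** 230 s1
2024-01-10 09:00:07 10.0.0.5 - 10.0.0.20 21 STOR exploit.exe 226 s1
2024-01-10 09:00:09 10.0.0.5 - 10.0.0.20 21 STOR notes.txt 550 s1
2024-01-10 09:05:00 10.0.0.7 - 10.0.0.20 21 USER alice 331 s2
2024-01-10 09:05:01 10.0.0.7 alice 10.0.0.20 21 PASS *** 230 s2
2024-01-10 09:05:04 10.0.0.7 alice 10.0.0.20 21 STOR report.docx 226 s2
2024-01-10 09:10:00 10.0.0.9 - 10.0.0.20 21 USER anonymous 331 s3
2024-01-10 09:10:03 10.0.0.9 - 10.0.0.20 21 STOR readme.txt 226 s3
"""
RISKY_EXT = (".exe", ".dll", ".asp", ".aspx")  # assumed watch list


def anonymous_uploads(log_text):
    """Return one finding per successful STOR in an anonymous session."""
    fields, anon_sessions, findings = [], set(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names drive the parsing
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated line
        rec = dict(zip(fields, values))
        method = rec.get("cs-method", "").upper()
        target = rec.get("cs-uri-stem", "")
        session = rec.get("x-session", "")
        if method == "USER":
            # Sessions are keyed by x-session; a later named login clears the flag.
            if target.lower() in ("anonymous", "ftp"):
                anon_sessions.add(session)
            else:
                anon_sessions.discard(session)
        elif (method == "STOR" and session in anon_sessions
              and rec.get("sc-status") == "226"):  # 226 = transfer complete
            findings.append({"time": rec["date"] + " " + rec["time"],
                             "client": rec["c-ip"], "file": target,
                             "risky": target.lower().endswith(RISKY_EXT)})
    return findings


if __name__ == "__main__":
    for finding in anonymous_uploads(SAMPLE_LOG):
        print(finding)
```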