✍️
CTF / Challenges / Boxes
  • ✍️CTF / Challenges / Boxes
    • 💬About me
  • TryHackMe
    • TryHackMe
      • Easy
        • Anonforce
        • Bounty Hacker
        • Brooklyn Nine Nine
        • Coldbox
        • Dav
        • Gaming Server
        • Ignite
        • Lazy Admin
        • Lian_Yu
        • Library
        • Plotted-TMS v3
        • Root Me
        • Simple CTF
        • Startup
        • Thompson
        • Wgel CTF
        • ToolsRus
        • Road
      • Medium
        • 0day
        • Anonymous
        • Haskell
        • Relevant
        • Mr Robot CTF
        • Road
  • HACK THE BOX
    • Hack the Box
      • Easy
        • Beep
        • Mirai
        • Keeper
        • Sau
        • Blue
        • Cap
        • Knife
        • Bashed
        • Nibbles
        • Cozy Hosting
        • Validation
        • Legacy
        • Antique
        • Pilgrimage
        • Wifinetic
        • ScriptKiddie
        • Explore
        • Horizontall
        • Blocky
        • Bank
        • Blunder
  • LetsDefend
    • LetsDefend
      • PRACTICE WITH SOC ALERTS
        • SOC146
        • SOC140
        • SOC114
        • SOC120
        • SOC141
        • SOC165
        • SOC168
        • SOC167
        • SOC169
        • SOC170
        • SOC104_ID14
      • CHALLANGES
        • Malicious Doc
        • Malicious VBA
Powered by GitBook
On this page
  1. TryHackMe
  2. TryHackMe
  3. Medium

Relevant

Last updated 1 year ago

  1. Enumeration machine.

  1. Samba enumeration.

  1. Log in to samba to one of the shares.

Getting file to our machine.

  1. In passwords.txt file we can found encoded strings.

We can decode these strings by using CyberChef.

They are usernames and passwords.

  1. The good news is that we can also access to this file from the browser using the correct port.

  1. Now we have to make a shell file in aspx (windows os) format and put the shell to smb server.

An ASPX file is an Active Server Page Extended file. Open one with your web browser or a text editor.

  1. Starting listener and going to new file from browser to make a connection.

First flag:

  1. Privilege escalation.

whoami /priv

The /priv command shows you what permissions you have.

  1. After spending some time looking for a solution, I found this:

We have to download that exploit to our machine and upload to victim system, using same way like before : samba.

  1. Starting exploit, getting system admin and flag.

DONE

🎉