HTB - Lame
MAT1595 - Active Scanning
nmap scan
Mitre Att&ck T1592.002: Gather victim Host Info

tcp Port 21 identified - Grab banner
$ ftp 10.10.10.3
$ searchsploit vsFTPD
$ searchsploit -x 17491
Execute 17491 - Unsuccessful

tcp Port 139/445 SMB/Samba
$ searchsploit samba
$ searchsploit -x 16320
Mitre Att&ck T1135: Discover - Network Share Discovery
$ sudo smbmap -H 10.10.10.3
$ sudo smbclient --no-pass //10.10.10.3/tmp
Pull down found files to local attack box
Use 16320 payload
Create listener on Kali
$ nc -lnvp 443
Execute 16320
Gain shell access as ROOT
Upgrade Shell
Find flags
Run netstat to view open ports
Check what users have a shell on the system (/bin/bash or /bin/sh)
SU to makis
Mitre Att&ck T1068: Privilege Escalation
Execute 17491 again using internal makis account

tcp Port 3632 distccd
$ searchsploit distcc
$ searchsploit -x 9915
Search nmap scripts
distcc-cve2004-2687.nse identified
Run nmap script distcc-cve2004-2687.nse for RCE
Attempt to update RCE to shell - Mitre Att&ck T1404: Exploit OS Vulnerability & T1588.005: Resource Development
Successful shell but not as root. Upgrade shell
searchsploit for local privilege escalation. Identified 8572.c
Execute 8572.c: unsuccessful. Going to try a script using LinPEAS
Mitre Att&ck T1083: Discovery file and directory discovery
Download LinPEAS from GitHub and pull to victim
Execute linpeas.sh on victim & review output
Execute nmap gtfobin to escalate privs from daemon to root interactive shell.
Mitre Att&ck T1548.001 Privilege Escalation SUID and SGID

tcp port 22 ssh
Google: openssl predictable prng github & grab exploit from github
Mitre Att&ck T1110.002: Credential Access Password Cracking
untar ssh key files downloaded from github
Locate the public/private keys
Use private key to log on as root

Additional exploits
searchsploit unrealircd
searchsploit -x 16922.
Execute payload
Mitre Att&ck T1046: Discovery Network Service Scanning & T1404: Exploit OS Vulnerability