[HTB] optimum

Attacking Vector

HTTP -> code injection -> web reverse shell (PowerShell) -> privilege escalation

Decision Tree

1) Discovery: which ports are open?
– only port 80 is open

2) Enumerate: input/output sanitization? third-party platform?
– check the website: does it use an open-source platform? any known vulnerabilities?
– inject test strings: are %00, {, |, . accepted?
– can it execute remote scripts?

3) Manipulate the webpage: any possible exploits?
– Exploit-DB: compile the Python code -> cmd shell (works)
– but is there a better way?

4) Get a reverse shell: can we get a reverse web shell?
– manipulate the HTTP request using Burp
– spawn a PowerShell

5) Privilege escalation: any misconfigurations or vulnerabilities?
– upload/execute a PowerShell script

Tools & References

Tools: Empire, Nishang, Sherlock

