HackTheBox - Rabbit

01:40 - Beginning of recon (nmap, setting hostname, DNS, nmap, IPv6)
05:45 - Checking websites (80,443,8080)
08:10 - Attempting to enumerate users of OWA-2010 (Fails)
14:10 - Checking out Joomla version (/administrator/manifests/files/joomla.xml)
15:50 - Using SearchSploit with (Complain Management System)
19:38 - Register Account, Login, Verify/Play with SQL Union Injection
23:30 - Enumerating SQL Injection with SQLMap
29:18 - Going back to MSF/OWA_LOGIN and testing credentials.
32:15 - Logging into OWA and reading email to find out that OpenOffice, Defender, and PowerShell Constrained Mode are installed
36:20 - Creating a malicious OpenOffice macro with LibreOffice + downloading and executing a file without PowerShell (certutil ftw)
40:18 - Compiling Merlin (like MSF/Empire)
48:40 - Sending the email and waiting.
50:20 - Merlin callback, switch to PowerShell Nishang to get an interactive shell
54:30 - Running PowerUp to find we are an Administrator
56:56 - Running JAWS to do some more Windows Enumeration
01:03:04 - Found an odd scheduled task "System Maintenance"
01:06:03 - Attempting to write a php shell to HTTPD
* Beginning of a weird issue with file encoding breaking something *
01:12:30 - Frustrated creating a PHP script... Switch to the SCHTask privesc
01:18:20 - Uhh. Testing if echo is somehow breaking .bat/.php files
* Wth. That was actually the issue!? *
01:21:50 - Going back to test PHP to verify it just didn't like echo.

Reviewed by Unknown on August 18, 2018. Rating: 5