This write-up details a Windows privilege escalation exercise using Hack The Box’s Arctic machine, showcasing steps taken from initial reconnaissance with Nmap to exploiting Adobe ColdFusion 8 for privilege escalation. The author emphasizes the importance of adapting strategies and being familiar with exploits.
Affected: Windows OS, Adobe ColdFusion
Key points:
- The author conducts a lab environment exercise for educational purposes.
- An Nmap scan identifies the target as a Windows machine with an unusual service on port 8500, FMTP.
- FMTP is a multicast transport protocol with no public exploits available.
- The author discovers an exposed Admin panel for Adobe ColdFusion 8 at the administrator directory.
- SearchSploit reveals multiple vulnerabilities for ColdFusion 8, including an RCE exploit.
- A Python script generates a reverse shell payload, allowing access to the system.
- Initial access is established as user ‘tolis’, and the author retrieves a user flag.
- The author utilizes tools like WinPEAS and WES-NG for enumeration towards privilege escalation.
- The author identifies CVE-2010-2555 (MS10-059) as the privilege escalation vulnerability and successfully executes the exploit.
- After getting stuck, the author pivots to a different strategy and gains SYSTEM access.
- A root flag is obtained from the Administrator’s Desktop, confirming successful privilege escalation.
- Lessons learned include the value of adaptability and awareness of exploits.
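
A service label on an unusual port, like the FMTP label on port 8500 above, is worth confirming before it is trusted in an asset inventory. The following is an added example, not code from the write-up: it parses Nmap normal-output port lines and lists open ports whose service name Nmap marked as unconfirmed (a trailing `?`) or that returned no version banner. The sample scan text is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Nmap normal output with -sV; not taken from the write-up.
SAMPLE_SCAN = """\
PORT      STATE SERVICE VERSION
135/tcp   open  msrpc   Microsoft Windows RPC
8500/tcp  open  fmtp?
49154/tcp open  msrpc   Microsoft Windows RPC
"""

# One port row: "<port>/<proto>  <state>  <service>  [version banner]"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.+))?$"
)


def parse_ports(scan_text):
    """Turn Nmap port rows into dicts; header and other lines are skipped."""
    rows = []
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue
        service = m.group("service")
        rows.append({
            "port": int(m.group("port")),
            "proto": m.group("proto"),
            "state": m.group("state"),
            # A trailing "?" means version detection did not confirm the name;
            # it is only Nmap's guess from its port-to-service table.
            "service": service.rstrip("?"),
            "guessed": service.endswith("?"),
            "version": (m.group("version") or "").strip(),
        })
    return rows


def unconfirmed_services(rows):
    """Open ports whose service is a guess or has no version banner."""
    return [r for r in rows
            if r["state"] == "open" and (r["guessed"] or not r["version"])]


if __name__ == "__main__":
    for r in unconfirmed_services(parse_ports(SAMPLE_SCAN)):
        print(f'{r["port"]}/{r["proto"]}: "{r["service"]}" is unconfirmed, verify manually')
```

Ports returned by `unconfirmed_services` are the ones to identify by hand, for example by checking what the owning host is actually supposed to run on that port.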
Full Story: https://medium.com/@emuzzi19/secret-sauce-c13f37f04b9f?source=rss——cybersecurity-5