Hack The Box — Granny Writeup without Metasploit

Nimantha Deshappriya
2 min read · Jul 23, 2020

The HTB Granny box is quite similar to the Grandpa box. I can't find the difference between Grandpa and Granny. Therefore, I used a different approach to escalating privileges. This box is running a vulnerable IIS version, which can be exploited using one of the publicly available exploits to gain a low-privilege user shell. That shell can eventually be escalated to root or SYSTEM privileges using Churrasco. This time Churrasco is used to get a reverse shell.

Enumeration

Started off with the usual Nmap scan.

This machine also has the same IIS version running, which can be exploited as below. (The exploit can be downloaded from here.)

Getting initial foothold

Set up NC to catch the reverse shell.

Privilege Escalation

Used Windows Exploit Suggester to find a way to escalate privileges.

I also used the same Churrasco exploit for this machine, but in a different way. This time, I used it to get a reverse shell.

Transferred the Churrasco exploit and NC.exe over to the target machine and exploited as below while NC was listening.

Lessons Learned

This machine should have been updated when the patches were made available to prevent any compromises.

15 boxes are down!
