Optimum – HackTheBox Walkthrough


Optimum is a beginner-level machine that is mostly about enumerating services with known exploits. These exploits are easy to work out and use to get the flag. This blog has two parts; this is the first part.

Tools Used:

• Nmap
• Metasploit
• Windows Exploit Suggester

$ sudo nmap -sSV -T5 -p- 10.10.10.8 --allports

We can see that only port 80 is open. HttpFileServer (HFS) version 2.3 is running on the web server. Rejetto HFS is an open-source file-sharing web server. The latest version is 2.3m, but this machine runs version 2.3, which is outdated and vulnerable. After a quick Google search, I found that this version has multiple remote code execution vulnerabilities.

As always, I opened Metasploit and searched for a good exploit. I found an RCE module ranked excellent. Let's try it and see if the magic works.

I made a mistake while setting the options: I didn't set SRVHOST and SRVPORT, so it simply did not open the meterpreter session. After checking the options, I came to know that the SRVHOST option is used when exploiting a web server.

I set SRVHOST and SRVPORT and it worked perfectly.

At last, I got the session, so let's check what we can extract. I checked the system info and got a bunch of information.

The machine runs Windows Server 2012 R2 on the x64 architecture. Also, the build is 6.3 9600, which is a pretty old version. If this is not well patched, we can easily exploit it and gain access.

Now I want to view the full system information, so I opened a shell, ran the command systeminfo, and got the information below:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\kostas\Desktop>systeminfo
systeminfo:

Host Name:                 OPTIMUM
OS Name:                   Microsoft Windows Server 2012 R2 Standard
OS Version:                6.3.9600 N/A Build 9600
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Server
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows User
Registered Organization:
Product ID:                00252-70000-00000-AA535
Original Install Date:     18/3/2017, 1:51:36
System Boot Time:          9/9/2021, 8:20:21
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
BIOS Version:              Phoenix Technologies LTD 6.00, 12/12/2018
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             el;Greek
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC+02:00) Athens, Bucharest
Total Physical Memory:     4.095 MB
Available Physical Memory: 3.492 MB
Virtual Memory: Max Size:  5.503 MB
Virtual Memory: Available: 4.951 MB
Virtual Memory: In Use:    552 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    HTB
Logon Server:              \\OPTIMUM
Hotfix(s):                 31 Hotfix(s) Installed.
                           [01]: KB2959936
                           [02]: KB2896496
                           [03]: KB2919355
                           [04]: KB2920189
                           [05]: KB2928120
                           [06]: KB2931358
                           [07]: KB2931366
                           [08]: KB2933826
                           [09]: KB2938772
                           [10]: KB2949621
                           [11]: KB2954879
                           [12]: KB2958262
                           [13]: KB2958263
                           [14]: KB2961072
                           [15]: KB2965500
                           [16]: KB2966407
                           [17]: KB2967917
                           [18]: KB2971203
                           [19]: KB2971850
                           [20]: KB2973351
                           [21]: KB2973448
                           [22]: KB2975061
                           [23]: KB2976627
                           [24]: KB2977629
                           [25]: KB2981580
                           [26]: KB2987107
                           [27]: KB2989647
                           [28]: KB2998527
                           [29]: KB3000850
                           [30]: KB3003057
                           [31]: KB3014442
Network Card(s):           1 NIC(s) Installed.
                           [01]: Intel(R) 82574L Gigabit Network Connection
                                 Connection Name: Ethernet0
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.10.10.8

Now that I have the full system info, I used Windows-Exploit-Suggester here, as this is Windows Server 2012 R2. Before running it, I have to save the system info to a text file, download it, and run the Windows Exploit Suggester against it.

meterpreter> execute -f "cmd.exe /c systeminfo>sysinfo.txt"

After downloading the file and saving it locally, I ran the exploit suggester against it.

$ python2 windows-exploit-suggester.py --database 2017-08-27-mssb.xls --systeminfo <location of the txt file you downloaded>

But it threw an error mentioning the Excel (xls) library. I tried to update the Windows Exploit Suggester, but that didn't work.

$ python2 windows-exploit-suggester.py --update

 

Here I'd like to mention that there are two ways: one is the Windows Exploit Suggester and the other is the Metasploit exploit suggester. I am trying to use the Windows Exploit Suggester, as this is a new tool I'm working with.

I am currently troubleshooting the error; I will fix it and show you both exploit suggesters in the next part.
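The hotfix list in the systeminfo output above is the same data a patch audit starts from. The following is an added example, not part of the original walkthrough and not code from Windows Exploit Suggester: it parses a systeminfo capture and reports which KBs from a required list are absent. The function names, the shortened sample capture and the KB0000000 placeholder are all constructed for illustration.

```python
import re

# Constructed sample: a shortened capture in the same layout as the systeminfo
# output shown above (hotfix list cut down to three entries).
SAMPLE = """\
Host Name:                 OPTIMUM
OS Name:                   Microsoft Windows Server 2012 R2 Standard
OS Version:                6.3.9600 N/A Build 9600
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB2959936
                           [02]: KB2896496
                           [03]: KB2919355
Network Card(s):           1 NIC(s) Installed.
                           [01]: Intel(R) 82574L Gigabit Network Connection
"""

def parse_systeminfo(text):
    """Return {field name: [values]}; indented lines continue the previous field."""
    fields, current = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S[^:]*):\s*(.*)$", line)
        if m:                                   # unindented "Name: value" starts a field
            current = m.group(1).strip()
            fields.setdefault(current, [])
            if m.group(2).strip():
                fields[current].append(m.group(2).strip())
        elif current and line.strip():          # indented line belongs to current field
            fields[current].append(line.strip())
    return fields

def audit(text, required_kbs):
    """Compare installed hotfixes against a caller-supplied list of required KBs."""
    fields = parse_systeminfo(text)
    hotfix_lines = fields.get("Hotfix(s)", [])
    installed = {kb for l in hotfix_lines for kb in re.findall(r"KB\d+", l)}
    declared = re.match(r"(\d+) Hotfix", hotfix_lines[0]) if hotfix_lines else None
    build = re.search(r"Build (\d+)", " ".join(fields.get("OS Version", [])))
    return {
        "host": " ".join(fields.get("Host Name", [])),
        "os": " ".join(fields.get("OS Name", [])),
        "build": build.group(1) if build else None,
        # False: the capture is truncated or edited, so "missing" is unreliable
        "complete": bool(declared) and int(declared.group(1)) == len(installed),
        "missing": sorted(set(required_kbs) - installed),
    }

if __name__ == "__main__":
    # KB0000000 is a placeholder, not a real update id
    print(audit(SAMPLE, ["KB2919355", "KB0000000"]))
```

The parser matches the English field names shown above; systeminfo localizes them on non-English installs, so the lookup keys would need adjusting there.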