Optimum is a beginner-level machine that is mostly about enumerating services with known exploits. These exploits are easy to work out and use to get the flag. This blog will have two parts. This is the first part.
• Windows Exploit Suggester
$ sudo nmap -sSV -T5 -p- 10.10.10.8 --allports
We can see that only port 80 is open. HttpFileServer (HFS) version 2.3 is running on the webserver. HFS rejetto is an open-source file-sharing webserver. The latest version is 2.3m, but this machine runs version 2.3, which is outdated and vulnerable. After a quick Google search, I found that this version has multiple remote code execution vulnerabilities.
As always, I opened Metasploit and searched for a good exploit. I got an excellent RCE. Let’s try it and see if the magic works.
I made a mistake while setting the options: I didn’t add SRVHOST and SRVPORT, so it simply did not open the meterpreter session. After checking the options, I came to know that the SRVHOST option is used when exploiting a webserver.
I mentioned SRVHOST and SRVPORT and it worked perfectly.
At last, I got the session, and let’s check what we can extract. I checked for the system info and got a bunch of information.
The machine runs Windows 2012 R2 on the x64 architecture. Also, the build is 6.3 9600, which is a pretty old version. If this is not well patched, we can easily exploit it and gain access.
Now I want to view the full system information, so I opened the shell, ran the systeminfo command and got the information below:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
Microsoft Windows Server 2012 R2 Standard
6.3.9600 N/A Build 9600
OS Build Type:
Original Install Date:
System Boot Time:
VMware Virtual Platform
1 Processor(s) Installed.
: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
Phoenix Technologies LTD 6.00, 12/12/2018
en-us;English (United States)
(UTC+02:00) Athens, Bucharest
Total Physical Memory:
Available Physical Memory:
Virtual Memory: Max Size:
Virtual Memory: Available:
Virtual Memory: In Use:
Page File Location(s):
31 Hotfix(s) Installed.
1 NIC(s) Installed.
: Intel(R) 82574L Gigabit Network Connection
Connection Name: Ethernet0
DHCP Enabled: No
Now that I have the full sysinfo, I used Windows-Exploit-Suggester, as this is Windows Server 2012 R2. Before running it, I have to save the system info to a text file, download it, and run it through Windows Exploit Suggester.
meterpreter> execute -f "cmd.exe /c systeminfo>sysinfo.txt"
After downloading and saving it locally, I used the sysinfo file with the exploit suggester.
$ python2 windows-exploit-suggester.py --database 2017-08-27-mssb.xls --systeminfo /location of the txt file you downloaded
But it threw an error mentioning the Excel (xls) library. I tried to update Windows Exploit Suggester, but that didn’t work.
$ python2 windows-exploit-suggester.py --update
Here I would like to mention that there are two ways: one is Windows Exploit Suggester and the other is the Metasploit exploit suggester. I am trying to use Windows Exploit Suggester as this is a new tool I’m working with.
I am currently troubleshooting the error and will fix it and show you both exploit suggesters in the next part.
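A suggester-style tool works from the OS version and hotfix list in the saved systeminfo file, and the same data serves a patch audit. The following is an added example, not part of the original post and not code from Windows-Exploit-Suggester: it parses systeminfo output, reports which KBs from a required baseline are absent, and flags a truncated hotfix list. The sample text, KB numbers and the `required_kbs` baseline are constructed placeholders.

```python
import re

# Constructed sample in the layout systeminfo prints; host name and KB ids are made up.
SAMPLE = """\
Host Name:                 EXAMPLE-HOST
OS Name:                   Microsoft Windows Server 2012 R2 Standard
OS Version:                6.3.9600 N/A Build 9600
System Type:               x64-based PC
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB0000001
                           [02]: KB0000002
                           [03]: KB0000003
Network Card(s):           1 NIC(s) Installed.
"""

def parse_systeminfo(text):
    """Return (fields, hotfixes) parsed from systeminfo output."""
    fields, hotfixes, current = {}, set(), None
    for line in text.splitlines():
        m = re.match(r"^([^\s:][^:]*):\s*(.*)$", line)
        if m:  # "Label: value" line starting in column 0
            current = m.group(1).strip()
            fields[current] = m.group(2).strip()
        elif current == "Hotfix(s)":  # indented continuation "[NN]: KBnnnnnnn"
            kb = re.search(r"\bKB\d+\b", line, re.I)
            if kb:
                hotfixes.add(kb.group(0).upper())
    return fields, hotfixes

def audit(text, required_kbs):
    """Compare installed hotfixes against a baseline of required KB ids."""
    fields, hotfixes = parse_systeminfo(text)
    declared = re.match(r"(\d+)", fields.get("Hotfix(s)", ""))
    required = {kb.upper() for kb in required_kbs}
    return {
        "os": fields.get("OS Name"),
        "build": (fields.get("OS Version") or "?").split()[0],
        "missing": sorted(required - hotfixes),
        # A count mismatch means the file was cut short or mangled in transfer,
        # so the "missing" list cannot be trusted.
        "truncated": declared is not None
                     and int(declared.group(1)) != len(hotfixes),
    }

if __name__ == "__main__":
    print(audit(SAMPLE, ["KB0000002", "KB0000009"]))
```
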