[HackTheBox] Bastard
This was the first medium box on TJNull’s list and it’s one of my absolute favourites.
Reconnaissance:

Enumeration:
Manual enumeration made me pretty sure that we had to implement Drupalgeddon. Since the scripts from searchsploit were not working, I used msfconsole. However, they didn't work either :(
After a lot of deliberation and senseless enumeration (reading release docs), I started looking at Drupal exploits on GitHub.
I came across one I had never tried before. EXPLOIT.

Instant shell.

Privilege Escalation:
The first thing I do on a Windows box is whoami /priv to check for the PrintSpoofer exploit, and voilà.

Sadly PrintSpoofer didn't seem to want to work.
After some more attempts and some reading on this privilege, I came across an article which made me realize that my executable won't work on this particular OS version.
So basically the next thing I did was google “SeImpersonatePrivilege Exploit”.
I found a pretty nice guide.

I think the second CLSID worked for me and I got a reverse shell as the system user.

Note: I executed root.exe and it was not working. This took around 10 attempts since I was getting a connection but not a shell. After reading the walkthrough given by HackTheBox, it seems a bat file pointing towards this binary was a sure-shot way of getting a reverse shell, and well, I tried it out and yes, it did.