[HackTheBox] Granny

Siddharth Johri

Oct 10, 2021

--

This is a really interesting box. HTTP requests can be used in such different ways.

Reconnaissance:

whoooosh… PUT is available huh…. direct foothold?

When I tried to PUT shell.aspx

Since we also have move available, lets try to put shell.txt and then move it.

Cool

Fire.

Foothold:

Just a simple curl.

Privilege Escalation:

So Certutil didn’t work as it should have, so I found a new way to make wget for windows with VisualBasic.

MS11–046?

Apparently not. :(

Churrasco?

whoooooooooooooooooooooo!!!!!!!!!!

DOPE.

After Thought:

So this box wouldn’t be possible without churrasco. If that’s where you got stuck then don’t worry, there is always a first time using a tool.

There is more than one way to do this box obviously but I did not want to use metasploit to get the privilege escalation.

Have a nice Hack!! :D

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Hackthebox Writeup

Written by Siddharth Johri

To hack the world, first you need to make coffee

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams