[HackTheBox] Granny

This is a really interesting box. HTTP requests can be used in such different ways.

Reconnaissance:

whoooosh… PUT is available huh…. direct foothold?

When I tried to PUT shell.aspx

Since we also have move available, lets try to put shell.txt and then move it.

Cool

Fire.

Foothold:

Just a simple curl.

Privilege Escalation:

So Certutil didn’t work as it should have, so I found a new way to make wget for windows with VisualBasic.

MS11–046?

Apparently not. :(

Churrasco?

whoooooooooooooooooooooo!!!!!!!!!!

DOPE.

After Thought:

So this box wouldn’t be possible without churrasco. If that’s where you got stuck then don’t worry, there is always a first time using a tool.

There is more than one way to do this box obviously but I did not want to use metasploit to get the privilege escalation.

Have a nice Hack!! :D