Access infocard

Intro

After solving a few VMs from Vulnhub I came across hackthebox. What intrigued me about the site was the first challenge you have to solve to register yourself. I knew then it wasn’t going to be like other platforms. At first it was it was intimidating as even setting up the vpn looked like a complicated task to me, so I didn’t use it for a while.

Getting User

As always first step is detecting services that are running on the machine.

nmap -sC -sV -oN access-tcp.scan 10.10.10.98
strings backup.mdb | less

Getting Root

Now for privilege escalation. Rooting this box was somewhat easy if you had a good idea of the command to run and it’s syntax.

runas /savecred /user:Administrator "c:\windows\system32\cmd.exe /c type \"C:\Users\Administrator\Desktop\root.txt\" > \"C:\Users\security\Desktop\roothash.txt\""

Extras

The web server running on port 80 was a dead end, it just had a web page with an image of a server.

Conclusion

This was a great box to refresh on cmd commands and also one way to privilege escalate a windows machine when an admin has saved their credentials. The provision of windows machines on hackthebox is what I think makes it a really great platform to practice on.

CyberSecurity | CTFs | https://blog.ikuamike.io

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store