i. Port Scan
Navigating to port 80:
Presented with an Under Construction page.
Running Nikto to enumerate the web software:
IIS 6 was shipped out with Windows 2003 R2 in 2005, which means it’s over 13 years old.
With software being that old, there’s bound to be an exploit out there.
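The reasoning above (an old, unsupported web server is a strong signal that known exploits exist) is exactly what a defender's asset inventory should automate. The following is an added example, not part of the original writeup: it parses Server banners of the kind Nikto reports, looks them up against a small end-of-support table, and flags anything past its lifecycle date. The sample banners are constructed; the lifecycle dates are the vendor's published end-of-extended-support dates for the Windows Server release that ships each IIS version, and the `assess_banner` / `eol_banners` names are this example's own.

```python
import re
from datetime import date

# Constructed sample "Server" header values, as Nikto or a raw HTTP HEAD probe reports them.
SAMPLE_BANNERS = [
    "Microsoft-IIS/6.0",
    "Microsoft-IIS/10.0",
    "Apache/2.4.57 (Debian)",
    "nginx",
]

# End of extended support for the Windows Server release that ships each IIS version
# (IIS 6.0 -> Server 2003, 7.0/7.5 -> 2008/2008 R2, 8.0/8.5 -> 2012/2012 R2).
# Versions absent from this table are treated as "no lifecycle data", never as safe.
EOL_DATES = {
    ("Microsoft-IIS", "6.0"): date(2015, 7, 14),
    ("Microsoft-IIS", "7.0"): date(2020, 1, 14),
    ("Microsoft-IIS", "7.5"): date(2020, 1, 14),
    ("Microsoft-IIS", "8.0"): date(2023, 10, 10),
    ("Microsoft-IIS", "8.5"): date(2023, 10, 10),
}

# "Product/major.minor..." with an optional version; trailing comments such as "(Debian)" are ignored.
BANNER_RE = re.compile(r"^(?P<product>[A-Za-z][\w-]*)(?:/(?P<version>\d+(?:\.\d+)*))?")


def parse_banner(banner):
    """Split a Server banner into (product, version); version is None when absent."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None, None
    return m.group("product"), m.group("version")


def assess_banner(banner, today=None):
    """Classify one banner as 'supported', 'end-of-life', or 'no lifecycle data'."""
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)

    product, version = parse_banner(banner)
    result = {"banner": banner, "product": product, "version": version,
              "eol": None, "status": "unknown"}
    if product is None:
        return result

    eol = EOL_DATES.get((product, version))
    if eol is None:
        # Unknown software or version: surface it for manual review instead of passing it.
        result["status"] = "no lifecycle data"
        return result

    result["eol"] = eol.isoformat()
    result["status"] = "end-of-life" if today >= eol else "supported"
    return result


def eol_banners(banners, today=None):
    """Return the banners that are past their end-of-support date."""
    return [b for b in banners if assess_banner(b, today)["status"] == "end-of-life"]


if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        r = assess_banner(b, "2018-06-01")
        print(f"{b:28s} {r['status']}" + (f" (since {r['eol']})" if r["eol"] else ""))
```

Pinning `today` makes the output reproducible; in a real inventory job you would leave it as the current date and feed the function the banners collected by your scanner, then treat every "end-of-life" result as a patch-or-decommission ticket rather than a finding to argue about.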
Running the exploit in Metasploit:
Awesome, we got a shell!
iii. Privilege Escalation
We see that we are NT Authority\Network Service:
Network Service is a built-in account with reduced privileges.
Metasploit has a local exploit suggester module which displays exploits that the machine might be vulnerable to:
Going to attempt the last one.
To do so, first background the session, then set up the options for the exploit:
$ background        # backgrounds the current session
$ sessions          # shows available sessions
$ set SESSION #     # sets the session ID the exploit will use
Once the options are set up, run the exploit:
The resulting error can be fixed by migrating to a different process.
First switch back to the session, and run ps to see the available processes:
Then migrate to another process.
Note: the target process must have the same or lesser privileges. If not, you'll get an error when migrating.
Re-run the exploit as before:
Looking at the UID, we are now
This is a great beginner box into the world of Metasploit.
Thanks for reading.
Sources / Links: https://serverfault.com/questions/217654/difference-between-nt-authority-network-service-and-nt-authority-system