Metasploit was not used in this walkthrough.
Granny was done with all native Kali tools besides the windows-exploit-suggester.
This is a write-up for the Granny machine on the HackTheBox platform. HackTheBox is a website where users can test their pen testing skills by legally hacking into a wide variety of machines using different techniques.
This walkthrough was aimed at OSCP/PWK students preparing for the PWK course. No use of Metasploit or Meterpreter was used in this walkthrough making it very OSCP friendly. I hope you enjoy reading.
Initial Recon:
We begin with a nmap scan:
nmap -sC -sV 10.10.10.15
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-18 22:17 AEDT
Nmap scan report for 10.10.10.15
Host is up (0.31s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 6.0
| http-methods:
|_ Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
|_http-server-header: Microsoft-IIS/6.0
|_http-title: Under Construction
| http-webdav-scan:
| Server Type: Microsoft-IIS/6.0
| Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK…