Skip to content

Authby 🔸

Enumeration

Enumerating the ftp we can log in as anonymous

We can notice offsec, anonymous and admin that can be users.

We try to re login with admin admin and it works

Initial Access

We have credentials for :242

Using john...

We can write to that ftp folder so now we can upload a reverse shell and

Privilege Escalation

Get the flag

We have seimpersonate

But this is an old machine x86 and we need juicy potato x86 and a correct CSLID

https://github.com/ivanitlearning/Juicy-Potato-x86

https://github.com/ohpe/juicy-potato/tree/master/CLSID/Windows_Server_2008_R2_Enterprise

So transfer potato and a reverse shell with msfvenom x86

Post Exploitation

Another Privilege Escalation (intended)

This is a very old machine, search for a priv esc exploit

Compile it, transfer it and execute it.