Skip to content

Authby 🔸

Enumeration

Enumerating the ftp, we can log in as anonymous.

We can notice offsec, anonymous, and admin that can be users.

We try to re-login with admin:admin and it works.

Initial Access

We have credentials for port 242.

Using john...

We can write to that ftp folder, so now we can upload a reverse shell and...

Privilege Escalation

Get the flag.

We have SeImpersonatePrivilege.

But this is an old machine x86 and we need juicy potato x86 and a correct CLSID.

https://github.com/ivanitlearning/Juicy-Potato-x86

https://github.com/ohpe/juicy-potato/tree/master/CLSID/Windows_Server_2008_R2_Enterprise

So transfer potato and a reverse shell with msfvenom x86.

Post Exploitation

Another Privilege Escalation (intended)

This is a very old machine, search for a privilege escalation exploit.

Compile it, transfer it, and execute it.