Billyboss 🔸

Enumeration

Port 80 has a BaGet instance.

Port 8081 has a Nexus Repository Manager instance.

Initial Access

Using the credentials nexus:nexus, we are in.

Now we execute the exploit, after changing the IP and cmd inside it.

Get the flag.

Privilege Escalation

We have SeImpersonatePrivilege, but I can't get potatoes to work; whoami doesn't work, so it's not valid for proof.

So we list all installed updates and notice one that was installed by nathan.

We can use this exploit: https://github.com/danigargu/CVE-2020-0796

Post Exploitation