Port Scanning and General Enumeration (Nmap, Nikto)
Initial scan showed just 80 (HTTP) open
Gobuster returned nothing. Nikto had a bunch to say, but I’m starting to see a trend.
WebDav in the nmap scan,
WebDav in the nikto scan
Things we know
- IIS 6.0
- WebDav is enabled
Access (searchsploit, metasploit)
WebDav remote buffer overflow? There’s a python script, but I couldn’t get it to work. Let’s check out
That’s what we’re looking for!
And we’re in!
Privesc (metasploit, kitrap0d)
Running into issues with my shell and running post exploits. Something about insufficient privileges so I tried migrating to a different process
new process seems to work
That got us there