HTB Windows Easy: Grandpa

Grandpa is an Easy rated Windows machine on HTB.

Nmap

Initial Foothold

Exploit vulnerability

Look for an exploit in Metasploit.

Set the options.

Run the exploit.

Priv Esc

We can use the local exploit suggester to get a list of exploits.

In this case the 3rd one worked. For the privilege escalation to work, we need to migrate to another process; start by listing the processes.

Now migrate to a more stable process; in this case I picked davcdata.

Metasploit

Now we can select the exploit and configure the options.

Run the exploit to gain a Meterpreter session.

Run getuid to check the current user; we are NT AUTHORITY\SYSTEM.

User.txt

Root.txt

You have PWNED!!!

This post is licensed under CC BY 4.0 by the author.