This week is a combined post because last week I was not able to make much progress due to some travel for a training workshop.
I was finally able to finish off the limited access shell that I previously found. Getting the limited access shell was relatively straight forward but then I was required to use privilege escalation techniques to get to system level access. There is a great guide by FuzzySecurity on Windows Privilege Escalation Fundamentals that came in handy. One important note is that you cannot use the current version of “Accesschk.exe” from sysinternals with the /accepteula flag to prevent popups because it would just hang, which is probably due to older operating systems in the lab. There are other guides that will link you to an archived version of the executable.
The seventh shell I was able to get ended up needing Linux Privilege Escalation. This was fairly fitting that I did both of these boxes back to back. I think the Linux box was more frustrating to get the exploit to compile but “try harder” couldn’t be more true.
Course Pages: 380 / 380
Lab Shells Popped: 7