Ocelot Security

Search

Skip to content

[root@ocelot]-[~]$ whoami Ocelot Security

Search for:

Devel

June 14, 2021 Ocel0t Leave a comment

Devel is a very fun box that gets into reverse shells and default web pages. Start with an nmap scan.

Note the anonymous login and the IIS version

Look up an msfvenom payload that will match your OS version and architecture

Upload the reverse shell script to the web page

Start a reverse shell listener with netcat

OR use metasploit as the listener

This is the webpage of the box

Navigate to the uploaded shell to execute it

Now back on our listener we should have a shell, see what info you can get

Hmmmmm not root

Okay we need to escalate our privilege

If you are in meterpreter background the session and run the local exploit suggester post module

Try using some and see what you get, here we may have just got root with the kitrap0d

NICE!

Finish it off by submitting the flags

Share this:

X
Facebook

Like Loading...

Related

Post navigation

Previous PostBlue Next PostJerry

Leave a comment Cancel reply

Δ

Hacking Writeups and blog

[root@ocelot]-[~]$ whoami Ocelot Security
Intro to Pen Testing
Pen Testing AzureAD
Pen Test Workflow
Techniques
Labs
Github
Blog
Hack The Box
- Nibbles
- Jerry
- Devel
- Blue
- Lame
- Legacy
TryHackMe Writeups
- Pre-Security Path
- Pickle Rick
CEHv11

Comment
Reblog
Subscribe Subscribed
- Ocelot Security
- Already have a WordPress.com account? Log in now.

Loading Comments...

Write a Comment...

Email (Required)

Name (Required)

Website

%d