Introduction

Today I explore Optimum from HTB; a OSCP like box featuring a Rejetto HTTP File Server v2.3 and a MS16-098 privilege escalation. I start each box by running AutoRecon (which I have mentioned several times in other articles). During the first few seconds I see Port 80 is open so I head over to the website and see a web application running.

Copy
Viewing Port 80 shows HttpFileServer 2.3 running.

Viewing Port 80 shows HttpFileServer 2.3 running.

I have seen the Rejetto HTTP File Server v2.3 before and know the exploit required for it can be found HERE.

Exploit tells me I need to have an nc session running.

Exploit tells me I need to have an nc session running.

I setup a nc session on my local machine and a local HTTP server. Once on the machine I check System Information (a great way to do that is outlined in the link by HackTricks) and run MS16-098 based off my findings.

Copy
Copy
Proof of Optimum from HTB.

Proof of Optimum from HTB.

Sorry for the brief article! I did this quickly in the past before the OSCP related boxes. Will put a lot more information on future boxes.

Rooted

Published On: October 13th, 2020 / Categories: HTB, Technology / Tags: , /

Leave A Comment