Today I explore Optimum from HTB; a OSCP like box featuring a Rejetto HTTP File Server v2.3 and a MS16-098 privilege escalation. I start each box by running AutoRecon (which I have mentioned several times in other articles). During the first few seconds I see
Port 80 is open so I head over to the website and see a web application running.
Viewing Port 80 shows
HttpFileServer 2.3 running.
I have seen the Rejetto HTTP File Server v2.3 before and know the exploit required for it can be found HERE.
Exploit tells me I need to have an
nc session running.
I setup a
nc session on my local machine and a local
HTTP server. Once on the machine I check System Information (a great way to do that is outlined in the link by HackTricks) and run MS16-098 based off my findings.
Proof of Optimum from HTB.
Sorry for the brief article! I did this quickly in the past before the OSCP related boxes. Will put a lot more information on future boxes.