I knocked out TryHackMe’s Steel Mountain challenge this weekend. It’s a straightforward Windows box that hits the classic privilege escalation vectors you’d expect from an older Windows Server system.
My nmap scan revealed a Windows Server 2008 R2 - 2012 machine with the usual suspects. Port 80 was hosting Microsoft IIS 8.5, and port 8080 was running HttpFileServer (HFS) version 2.3.
1
2
3
4
5
|
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 8.5
8080/tcp open http HttpFileServer httpd 2.3
3389/tcp open ssl/ms-wbt-server?
445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012
|
HFS 2.3 has a well-known RCE vulnerability, so that was my entry point. Got initial access as user Bill without much fuss.