Kevin
Source: Proving Grounds
OS: Windows
Community Rating: Easy
Started autorecon and got flooded with open ports: 80, 135, 139, 445, 3389, 49152 -> 49159
Naturally, I started with my favorite, HTTP (80).
I was greeted by an HP Power Manager login page.
Out of pure muscle memory, I typed admin:admin, and boom, it worked. After a quick poke around that ended with nothing, I searched for exploits and found CVE-2009-2585.
To use this CVE, I needed a payload. So, I generated one with msfvenom:
Replaced the payload in the PoC and ran it, instant shell! And the best part? No privilege escalation needed. The exploit gave me SYSTEM straight away. Easiest win ever.
None required; I was already SYSTEM upon initial access.
Check for CVEs