Hack into a Mr. Robot themed Windows machine. Use metasploit for initial access, utilise powershell for Windows privilege escalation enumeration and learn a new technique to get Administrator access.

Room Link: https://tryhackme.com/r/room/ice

Task 1 - Introduction

Deploy the machine.

Q: Who is the employee of the month?

A: Bill Harper

Task 2 - Initial Access

Q: Scan the machine with nmap. What is the other port running a web server on?

A: 8080

Q: Take a look at the other web server. What file server is running?

A: Rejetto HTTP File Server

Q: What is the CVE number to exploit this file server?

A: 2014-6287

Q: Use Metasploit to get an initial shell. What is the user flag?

A: b04763b6fcf51fcd7c13abc7db4fd365

Task 3 - Privilege Escalation

We have an initial shell on this machine as user Bill. Now, we will further enumerate the machine and escalate our privileges to root to obtain the final flag!

We can use the PowerUp PowerShell script to esclate our privileges.

Download the script using the following command:

wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1

We will use the upload command in Metasploit to upload the script.

To execute this using Meterpreter, we will type load powershell into meterpreter. Then we will enter powershell by entering powershell_shell:

Task 4 - Access and Escalation Without Metasploit