Ctfs on Angus Dawson — Homelab & CTFs

Foothold & Privilege Escalation — Optimum (HFS)

Sun, 12 Oct 2025 12:00:00 +1100

Foothold & Privilege Escalation — Optimum (HTB-style)

Author: Angus Dawson
Target: 10.129.245.40 (lab box)
Attacker: 10.10.14.29 (Kali)

Summary: found HFS (HttpFileServer) on port 80, exploited CVE-2014-6287 with Metasploit to get a Meterpreter shell (user), then ran local post-exploit privesc modules and obtained Administrator to capture root.txt.

TL;DR

Recon: nmap showed HttpFileServer httpd 2.3 on port 80.
Vulnerability: CVE-2014-6287 — RCE in Rejetto HttpFileServer (HFS).
Exploit: exploit/windows/http/rejetto_hfs_exec (Metasploit) → Meterpreter → shell → user.txt.
Post-exploit: enumerated privesc modules, iterated until a working local exploit delivered SYSTEM, then captured root.txt.

Reconnaissance

I started with a straightforward service scan to identify active services and versions:

Cap — HackTheBox Writeup

Thu, 18 Sep 2025 00:00:00 +0000

IDOR → PCAP recovery of credentials → SSH user shell → Linux file capabilities (getcap) → root via python3.8 capability.

Wifinetic — HackTheBox Writeup

Thu, 18 Sep 2025 00:00:00 +0000

Anonymous FTP → backup extraction → credential reuse (SSH) → local wireless enumeration → WPS PIN attack (reaver) → root via local escalation.

Blue (HTB) — Walkthrough

Wed, 17 Sep 2025 00:00:00 +0000

Exploiting MS17-010 (EternalBlue) on a Windows 7 SP1 target. Recon, SMB enumeration, exploitation, and proof of SYSTEM access.