Remote was a fun windows box to hack. This is my second active target on HTB. My first was Traceback. Check that out for a similar web based exercise on Linux. Remote starts with a web vulnerability but requires finding credentials in a public share. DLL Hijacking is required to get a system shell. Lessons learned: Mounting a public windows share Exploit modifications – changing python code for a web exploit DLL Hijacking for privilege escalation Information gathering An initial nmap scan reveals some listening services.

Thanks to a zoom call with members of PA Hackers. I fully exploited my first active HTB machine where I got points for my effort. To celebrate getting root, here’s my write-up. I learned quite a lot with this machine. It introduced me to new PHP web shells and message of the day (motd) privilege escalation. Lessons Learned Open Source INTelligence (OSINT) refresher with Google and Github PHP web shell alternatives to php-reverse-shell.