HackTheBox - Love Writeup
Love is an easy Windows machine featuring a vulnerable voting system web application. Initial enumeration reveals a service on port 5000, but direct access is denied. A secondary file scanner service is found to be vulnerable to SSRF, which is exploited to access an internal password manager. Credentials obtained from this allow authentication to the voting system, which is vulnerable to authenticated Remote Code Execution. This grants access as the phoebe user. Post-exploitation reveals AppLocker is enabled, but a misconfiguration allows privilege escalation by deploying a malicious .msi file, resulting in a shell as SYSTEM.
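The SSRF step in the summary works because the file scanner fetches a URL on the server's behalf, so a service that refuses direct connections still answers it. As an added example (not code from the writeup or from the machine), here is a destination check a URL-fetching service could run before making any request; the function names, the allowed ports and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}  # assumption: the scanner only needs standard web ports


def system_resolver(host):
    """Resolve a hostname to the set of IP strings it maps to."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def is_public(ip_text):
    """True only for globally routable addresses."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) before classifying.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def check_fetch_target(url, resolver=system_resolver):
    """Return (allowed, reason, pinned_ips) for a user-supplied URL."""
    try:
        parts = urlsplit(url)
        default = 443 if parts.scheme == "https" else 80
        port = parts.port if parts.port is not None else default
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", []
    if parts.username or parts.password or not parts.hostname:
        return False, "missing host or embedded credentials", []
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", []
    try:
        ips = sorted(resolver(parts.hostname))
        public = bool(ips) and all(is_public(ip) for ip in ips)
    except (OSError, ValueError):
        return False, "resolution failed", []
    if not public:
        return False, "resolves to non-public address", []
    # The caller must connect to one of these pinned IPs rather than
    # re-resolving the name, or a DNS change can bypass the check.
    return True, "ok", ips
```

The check rejects a name if any of its addresses is non-public, and redirects returned by the remote server need the same check applied to each hop.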
August 25, 2021 | 1 min read
Tags: ssrf, upload-vuln, AlwaysInstallElevated, winpeas, msfvenom, gobuster, msi-file