Post

Hackthebox Optimum Walkthrough

Hackthebox Optimum Walkthrough

Posted
Preview Image
By Hitesh Sharma
2 min read
Hackthebox Optimum Walkthrough

Optimum is a beginner-level machine which mainly focuses on enumeration of services with known exploits. Both exploits are easy to obtain and have associated Metasploit modules, making this machine fairly simple to complete.

  • Let’s Spawn the machine…..

# Enumeration

  • Let’s start with the Nmap scan
1
2
3
4
5
6
7
8
9
10
11
12
13
14

┌──(kali㉿kali)-[~/Desktop/HTB/Optimum]
└─$ nmap -sC -sV -p- 10.10.10.8 --min-rate=1500 
Starting Nmap 7.95 ( https://nmap.org ) at 2025-06-08 21:44 EDT
Nmap scan report for 10.10.10.8
Host is up (0.30s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
80/tcp open  http    HttpFileServer httpd 2.3
|_http-title: HFS /
|_http-server-header: HFS 2.3
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 146.36 seconds
  • on port 80 there a HFS server running on ….

# Exploitation

  • and bottom of the page i found the version to be 2.3 and so i googled it and found remote code execution vulnerability …

  • and there is a measploit module for this vulnerability in rejeeto-hfs windows/http/rejetto_hfs-exec
  • we will use this module and set the required options and after running the module we will get the shell as OPTIMUM\kostas

  • let’s grab the system information and its a Windows server 2012 and we have a session as x86
1
2
3
4
5
6
7
8
9

meterpreter > sysinfo
Computer        : OPTIMUM
OS              : Windows Server 2012 R2 (6.3 Build 9600).
Architecture    : x64
System Language : el_GR
Domain          : HTB
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter >
  • before privilege esclation we can now grab the user flag ….

  • as we see we don’t have higher privileges and we got access denied , let’s escalate our privielges…

  • let’s check for the process running as x64 and we will migrate to that process ….

  • now we will background the current meterpreter sesison (CTRL+Z) and use the local_exploit_suggester module to look for privilege escalation vectors …

  • after looking at the results we will use the windows/local/cve_2019_1458_wizardopium module to escalate our privleges …

    we can also use the other identified methods or manul methods as i am going with this method

  • let’s configure the required options for this module ( which can be seen by using show options command) and run the module …
  • after exploitation , we will get the shell as NT AUTHORITY\SYSTEM
  • as we got the shell as highest privilege possible in windows ( similar to root in linux ) now we can grab the user and root flag….


# Final Thoughts

I hope this blog continues to be helpful in your learning journey!. If you find this blog helpful, I’d love to hear your thoughts — my inbox is always open for feedback. Please excuse any typos, and feel free to point them out so I can correct them. Thanks for understanding and happy learning!. You can contact me on Linkedin and Twitter
linkdin
Twitter

Walkthrough
hackthebox Optimum Walkthrough Windows
This post is licensed under CC BY 4.0 by the author.