HTB Arctic

HTB: Arctic - OSCP Prep Write-up

Old software on an old OS - a combination that keeps on giving. ColdFusion 8, Windows Server 2008 R2, and a privilege that lets you impersonate basically anyone. Arctic is a nice reminder of why patch management matters.

Machine info

Name: Arctic
Platform: HackTheBox
OS: Windows
Difficulty: Easy

TL;DR

Port scan reveals a ColdFusion 8 server on port 8500. Browsing to it exposes a directory listing and an admin login page. Searchsploit surfaces CVE-2009-2265, a file upload RCE for ColdFusion 8. We mirror the exploit, set our LHOST/RHOST, and catch a shell as arctic\tolis. The service account has SeImpersonatePrivilege - classic potato territory. The OS is Windows Server 2008 R2 (Build 7600), which JuicyPotato handles well. We transfer JuicyPotato via SMB, use it to create a local admin account, then either catch a SYSTEM reverse shell or enable RDP and connect via xfreerdp3. ...

May 19, 2026 · 5 min · João Vítor Bonin