Pov
Pov
Pov 585
Pov
RETIRED MACHINE

Pov

Pov - Windows Windows
Pov - Medium Medium

4.5

MACHINE RATING

2808

USER OWNS

2582

SYSTEM OWNS

27/01/2024

RELEASED
Created by d00msl4y3r

Machine Synopsis

Pov is a medium Windows machine that starts with a webpage featuring a business site. Enumerating the initial webpage, an attacker is able to find the subdomain `dev.pov.htb`. Navigating to the newly discovered subdomain, a `download` option is vulnerable to remote file read, giving an attacker the means to get valuable information from the `web.config` file. The subdomain uses the `ViewState` mechanism, which, in combination with the secrets leaked from the `web.config` file, is vulnerable to insecure deserialization, leading to remote code execution as the user `sfitz`. Looking at the remote filesystem, an attacker can discover and manipulate a file that reveals the credentials for the user `alaading`. Once the attacker has code execution as the user `alaading` the `SeDebugPrivilege` is abused to gain code execution in the context of a privileged application, ultimately resulting in code execution as `nt authority\system`.

Machine Matrix

Ready to start your
hacking journey?