· 14 min easy Windows Grandpa
HTB: Grandpa
A buffer overflow in IIS 6.0's WebDAV handler delivers code execution on Windows Server 2003, and token kidnapping completes the escalation to SYSTEM.
#htb
#iis
#webdav
#windows +2
· 14 min easy Windows Granny
HTB: Granny
IIS 6.0 with WebDAV enabled permits unauthenticated file upload via PUT and MOVE, bypassing extension restrictions to deploy an ASPX webshell. Token kidnapping (MS09-012) escalates NETWORK SERVICE to SYSTEM on Windows Server 2003.
#htb
#iis
#webdav
#windows +1