Proving Grounds - Jacko
Box Overview Jacko is a Windows machine from Offensive Security’s Proving Grounds demonstrating H2 Database exploitation for remote code execution and privilege escalation via SeImpersonate token abuse. Difficulty: Intermediate (though arguably easier) Enumeration Nmap Scan sudo nmap -sS -sC -A [TARGET_IP] -T4 -oN first.scan -p- Key ports identified: Port 8082 - H2 Database Console (web interface) Port 22 - SSH Additional Windows services H2 Database Console - Port 8082 Accessing http://[TARGET_IP]:8082 reveals the H2 Database Console - a web-based SQL interface.
Read more ?