Netmon

Do not change the password
Do not use Brute Force
Do not restart the box

The stability of the box is brainfuck xD

@19Rich said:

I’ve got the User, I’ve no idea what creds people are guessing for the web login though and I’ve spent a couple of hours exploring via FTP but failed to find any creds written down anywhere, even with the more thorough approach to listing contents. Can somebody PM me a nudge please? Thank you!

Cheers for the hints - I had the right details, just needed to kick the box to get them working :frowning: I know what I’ve got to do for the next step, give me a week and I might actually work out how to do it too! :-/

Type your comment> @19Rich said:

@19Rich said:

I’ve got the User, I’ve no idea what creds people are guessing for the web login though and I’ve spent a couple of hours exploring via FTP but failed to find any creds written down anywhere, even with the more thorough approach to listing contents. Can somebody PM me a nudge please? Thank you!

Cheers for the hints - I had the right details, just needed to kick the box to get them working :frowning: I know what I’ve got to do for the next step, give me a week and I might actually work out how to do it too! :-/

Similar sitiation as @19Rich. I have explored all conf file, unsucessfulls web login to get root access.

Can somebody could give me some hint by PM ?

Best regards

User is very simple and direct.

Please stop changing the default password… mkay thx

I just have to post something. OK. I kinda get why PPL are resetting PWD or reverting box. Can I just say think about it before you revert, yes if you did the most obvious way to get flag it’s probably the best/only option. but for all those resetting the password you are idiots, yes I mean that! read the htb rules for machine submission, if this was something needed to get root then box wouldn’t be alllowed!!

I asked for help a few times on this box, didn’t need it. It was all down to PPL resetting PWD or reverting box. so to help (as I like to): initial foothold is mega simple (no help there), that’ll get you user flag. next step keep enumerating, what application did you find, what version is it, are there any known vulnerabilities??? (yes there are!!). read the stuff you find about exploits, could there be anything you can do different to what you see online? another option maybe? play around.
Finally: DO NOT RESET PWD. if you see an error, what other things can you try?
DO NOT REVERT/RESET BOX unless you have to!!!

OK maybe I feel a little bad after those posts: Where else would you expect a NOOB to start other than a 20 point box! but you would also hope that those NOOBS would look at forum like I do when I am stuck, so if you are such a NOOB or a complete idiot experienced person changing PWD (lol) please read the comments!!

Very nice and easy box. Good one to start with if you are new! :slight_smile:

well…

To prevent the confusion I gained by reading the comments. No one is changing the password as suggested. :slight_smile:

Is it normal for the page not to load after entering default creds from the manual?

Type your comment> @jar03j said:

Is it normal for the page not to load after entering default creds from the manual?

mate. look deeper!

PLS PPL, read all previous comments before posting! : this box is IMHO 25 pointer(yep 5 extra!!): use what you get for initial ENUM, keep going, read up on possible VULNS. play around with those!!

Type your comment> @sillydaddy said:

is user through F** ?

EDIT :- ■■■■ GUI … used command line got it :slight_smile:

Super noob to HTB and system hacking in general. I’m trying to pwn user via FTP but I’m stuck so need a little direction. How should I be thinking to get the user? I have been stupidly trying out default creds. Would really appreciate some help.

Type your comment> @sillydaddy said:

is user through F** ?

EDIT :- ■■■■ GUI … used command line got it :slight_smile:

Super noob to HTB and system hacking in general. I’m trying to pwn user via FTP but I’m stuck so need a little direction. How should I be thinking to get the user? I have been stupidly trying out default creds. Would really appreciate some help.

Can anyone confirm if there is a way to proceed to root without logging in to the web login? I am pretty sure I have the correct username and password as it seems to start to login (showing percentages and other items) but then drops out. This is different than when I use the incorrect username and password. Even after someone else reset and I jumped on it as soon as it was up, I was not able to fully complete the web login.

Type your comment> @ncript3d said:

Type your comment> @sillydaddy said:

is user through F** ?

EDIT :- ■■■■ GUI … used command line got it :slight_smile:

Super noob to HTB and system hacking in general. I’m trying to pwn user via FTP but I’m stuck so need a little direction. How should I be thinking to get the user? I have been stupidly trying out default creds. Would really appreciate some help.

PM me

Where are you guys findind the creds?
I looked everywhere, downloaded some .dat and .old from ft* found nothing…

We use this application. I now know a good amount about the vulnerabilities. Granted we are very diligent about keeping things upgraded, this box has helped me better secure our environment. Big thanks to the creator.