Netmon

@006c21 said:

Just rooted… can help someone with right path… just PM me :slight_smile:

Please give me a hint.

I found the con********.o**.b*k the credentials but when I try to log in on the home page, it says: Login error.

I reset the machine and tried again but it still doesn't work… can somebody help me?

@tw1zr said:

@mocastle said:

got the user easily.

However, I am having difficulty of getting root.
I found that username and plaintext password from file named ‘P*** ************.o.**k’ for accessing the portal. However, the password seems incorrect even if I reset the machine.
Could you please provide some help. Thank you so much!

It has been said about 100 hundred times throughout this forum post.
Think like a user and, what year is it?

Thank you so much for your help @tw1zr
I finally got root.

@Takao said:

I found the con********.o**.b*k the credentials but when I try to log in on the home page, it says: Login error.

I reset the machine and tried again but it still doesn't work… can somebody help me?

Which year is it? Think like the user…

I have gotten user. I think I know a path to root, but I am having trouble logging in. Can someone DM me with a nudge?

My summary of this box is rather straightforward, user is stupid easy and is all u need to find the creds needed to access the Web Interface. A tip is to make sure you are seeing it all, look for interesting files and consider that the creds found might be old (will make more sense when u see the creds). After getting access to the Web Interface look for “Authenticated Remote Code Execution” :wink:

Hey guys, I got the part and know which part to exploit but I can’t figure out how to create a good payload for the ******.**1 file. Can someone DM me to give me a pointer?

Hey guys, any help to find the password? Please.

@aladante said:
Hey guys, I got the part and know which part to exploit but I can’t figure out how to create a good payload for the ******.**1 file. Can someone DM me to give me a pointer?

I’m in the same place… a nudge would be great, thanks in advance…

Hey guys, a little nudge in the right direction would be appreciated.
I got the .dat and the .old and the .bak files but I’m not sure what I’m looking for there :DDD

Thanks for the machine! User flag took only a few minutes and was deceptively simple. Root flag took about an hour of reading through articles and finding two different security vulnerabilities regarding the product and then finding a tool for the latter part.

After root flag I did get a deeper look at the tool and related blog post of the vulnerability to understand how it works which took me an extra 30min and a cup of coffee.

Can someone DM me a few tips on this machine? I’ve spent a good while on it and I can’t seem to get anywhere. I’m new to this so any advice would be very welcome. Thank you.

Hey guys, I found the user name in the file.

Can't find the clear text password.

At this point, I got admin access to the webapp, there is a potential RCE that can be run but I am not able to make changes to the code and the arguments to the script that can be run seem useless. Can anyone give me a clue on this? Thanks…

@MaximShloz said:

@aladante said:
Hey guys, I got the part and know which part to exploit but I can’t figure out how to create a good payload for the ******.**1 file. Can someone DM me to give me a pointer?

I’m in the same place… a nudge would be great, thanks in advance…

I’ve rooted the machine now, very nice box! Enjoyed it plenty.

Got user and root - entirely through F**. Is this normal? Everyone is talking about the web app.

User: Come on, so easy, no hint required.
Root: Look at your .bat and .old files. Sometimes within other files. Think of the year we are in now. Look at sensors and what you can add. Try arguing with a powershell example.

I’d like to add that this was one of the worst boxes on HTB, imo. Resets every few minutes even on VIP did not add to the enjoyment of pwning.

@SiV4rPent3st said:

After a lot of researching (noob here) I was able to get the root flag but… Is it possible to get a shell? If someone knows please PM me :slight_smile:

100% you can get a shell… Just use your google fu to find yourself a nice one liner :wink:

Can someone help me? Got User, Login Creds and @MALVO's script running. But I have no clue how to get further… yes, I am new.

@wo0ly said:

Can someone help me? Got User, Login Creds and @MALVO's script running. But I have no clue how to get further… yes, I am new.

@MALVO's script creates a new user on the box. You can then psexec using that user to run commands on the box with administrator group privs.