Netmon

Does anyone want to throw me a hint on the syntax for the notification? Found the cve but… Lost

Hello to everyone. Supernoob here. Netmon is my first box. So user was supereasy even for me. it needed 2 minutes to find it. As far the root is concerned i found the vulnerability, i found the exploit i am going to use, but i can’t find the credentials in order to use the exploit properly. I am lost inside the F** and the problem is i don’t know where to look at. Am i in the right direction or i am going to be lost 4 ever in F**. Thanks in advance

lost at the last stage … did everything correct run the exploit … all good.
but how or where can i use the created creds from the exploit?

Got the same issue. Someone who can help?

yes i got root!

Rooted. User is very easy. Root takes some creativity, but it’s still fairly simple.

I was unfamiliar with the application before attempting this box, so I had to research it first. Once I found what I needed I was able to use it to grab the root flag. There is no need for any brute force, password change, or account creation. 1 service and 1 application will give you all the access you need.

PM for hints.

Finally got root, had some strange issues getting my reverse to work, although learnt a lot about the vuln!

If a complete noob like me can Root this machine everyone can!!!
Feel free to ask!

Super frustrating, but good practice. It’s hard to find the root file when you keep getting booted. I did get a shell but it get kept dying so I moved on. Anyway, for the people asking what to do after running the exploit… the hint I give you is: “smell my ■■■■”. I was watching the log after logging in to the app to see if I could figure out what the ■■■■ was going on. It seems people keep hitting the “forgot password” link and resetting the pw for the app, not to mention doing other “strange” things. Enjoy!

Finally got the root.txt file! Had a real brain fart on this one but riotstar got me pointed in the right direction. It doesn’t help that my Powershell skills are very rusty to say the least.
In the end this is a fairly easy hack once you put it all together. If anyone needs a hint on how to get this done send me a PM.

Got user.txt but stuck on root.
please PM me

Type your comment> @laughingman777 said:

Making some progress…

User flag: Very easy. It’s actually not even protected. Look at the standard services.

EDIT
Root flag: Got root.txt. some hints that will help others. This really is an easy box. YOu may need to read about PRTG functionalities.

  1. Think like a user is probably useful in hindsight. Not to initially find out the creds. So go through your standard steps to discover cred.
  2. Read up an (obscure??) PSA regarding PRTG’s exposing domain creds. That will provide a hint of where to look for a file. That will get you into the web ui.
  3. A GUI based client for the f** service makes things easier. Someone mentioned grep earlier… that is what you will need next.
  4. There’s a functionality once you get in to PRTG that allows you to provide arguments… exploit it. And if you have trouble launching it after setting it up, look for the bell icon. It takes upto 2-3 mins for execution after its in queue.

I found this to be really good guidance. I got my first User, and am so close to Root! I’m at step 4 above, and I tried it so many times, but clearly it’s not working–not even my test shows up. How come everyone else gets this to work???

This was my first box on hackthebox, it took me a whole day, and I mean literally a whole day - even WITH HELP from an uberleet (who was very patient). When I got stuck and almost was gonna tear my hair off and jumping out of the window the person helped me to the next step.

I dont think I would’ve solved this by myself, in 1 day.
I think I would have solved this by myself in 1 week perhaps, minimum. I am really new to this, like, I had to download ftp, vsftpd, nmap. I am completly blown away by the whole process and my head feels 10/10 fried chicken nuggets and I’m done for the tonight.

Fun fact:
Time it took to “own user”: perhaps 2h.
Time it took to “own root”: perhaps 6h.
I was messing with metasploit, burpesuit, filezilla, reading stuff about ftp, nmap, windows commands etc and alot more.

There’s alot here to learn for a beginner. ■■■■. But the feeling when I got root, man, best feeling ever, and it feels so insane that something so hard, can be so incredibly easy when you know how to solve it. If I could do everything again I would’ve probably solve it in 20min, tops.

Remember:
If you get stuck at some point, it’s OKEY to ‘cheat’ a little, the answer isnt gonna jump right at you if u are looking at the total wrong way, even if u do it for hours and hours. The positive thing is that you learn so much about IT-security along the way, even if you are not really making any progress with the task.

After hours of not moving ahead, preferrably have someone point finger at where the next step could be, but you have to deserve it, and this is extreamly frustrating. Even with all the hints posted, it is hard sometimes to
derive something informative and useful from it.

What a fun challange tho, thanks for this!
Best community ever.
Good luck everyone!

Anyone willing to help me out?
This is my first box on here, I got user which was easy trying to get root, I know what I need to get I just am not sure how to get it if that makes sense?

Feel free to PM me.

Enjoyed the box. Got root, but my DOS injection skills are lacking. Had to drop the root.txt in plain view of anonymous ftp users. Given how often the box is reset maybe not a big issue. Any suggestions on how to inject off box would be helpful.

Why are people resetting this every 1 minute?

Damm! admins! please can you stop resetting this!

I got the creds im @ the admin console, but i can’t get the syntax right

I got the creds for admins console. I’m trying to exploit the server but it’s my first, it’s hard. I tryed to use the exploit that use the cookies and a reverse shell with powershell but i’m doing mistakes i guess. can someone help me / pm me for root please !

rooted. Nice box. Things to take away →

  • research the application more that you are attacking. It makes a difference to know what directories do what.