Netmon

@laughingman777 said:

Making some progress…

User flag: Very easy. It’s actually not even protected. Look at the standard services.

EDIT
Root flag: Got root.txt. Some hints that will help others. This really is an easy box. You may need to read about PRTG functionalities.

  1. Thinking like a user is probably useful in hindsight, not to initially find out the creds. So go through your standard steps to discover creds.
  2. Read up on an (obscure??) PSA regarding PRTG exposing domain creds. That will provide a hint of where to look for a file. That will get you into the web UI.
  3. A GUI-based client for the f** service makes things easier. Someone mentioned grep earlier… that is what you will need next.
  4. There’s a functionality once you get into PRTG that allows you to provide arguments… exploit it. And if you have trouble launching it after setting it up, look for the bell icon. It takes up to 2-3 mins for execution after it’s in the queue.

I found this to be really good guidance. I got my first User, and am so close to Root! I’m at step 4 above, and I tried it so many times, but clearly it’s not working–not even my test shows up. How come everyone else gets this to work???