Netmon

Got user.txt but stuck on root.
Please PM me.

@laughingman777 said:

Making some progress…

User flag: Very easy. It’s actually not even protected. Look at the standard services.

EDIT
Root flag: Got root.txt. Some hints that will help others. This really is an easy box. You may need to read about PRTG functionalities.

  1. Think like a user is probably useful in hindsight. Not to initially find out the creds. So go through your standard steps to discover cred.
  2. Read up on an (obscure??) PSA regarding PRTG’s exposing domain creds. That will provide a hint of where to look for a file. That will get you into the web UI.
  3. A GUI based client for the f** service makes things easier. Someone mentioned grep earlier… that is what you will need next.
  4. There’s a functionality once you get in to PRTG that allows you to provide arguments… exploit it. And if you have trouble launching it after setting it up, look for the bell icon. It takes up to 2-3 mins for execution after it’s in queue.

I found this to be really good guidance. I got my first User, and am so close to Root! I’m at step 4 above, and I tried it so many times, but clearly it’s not working–not even my test shows up. How come everyone else gets this to work???

This was my first box on hackthebox, it took me a whole day, and I mean literally a whole day - even WITH HELP from an uberleet (who was very patient). When I got stuck and was almost gonna tear my hair off and jump out of the window, the person helped me to the next step.

I don’t think I would’ve solved this by myself in 1 day.
I think I would have solved this by myself in 1 week perhaps, minimum. I am really new to this, like, I had to download ftp, vsftpd, nmap. I am completely blown away by the whole process and my head feels 10/10 fried chicken nuggets and I’m done for tonight.

Fun fact:
Time it took to “own user”: perhaps 2h.
Time it took to “own root”: perhaps 6h.
I was messing with metasploit, Burp Suite, filezilla, reading stuff about ftp, nmap, windows commands etc. and a lot more.

There’s a lot here to learn for a beginner. ■■■■. But the feeling when I got root, man, best feeling ever, and it feels so insane that something so hard can be so incredibly easy when you know how to solve it. If I could do everything again I would’ve probably solved it in 20 min, tops.

Remember:
If you get stuck at some point, it’s OKAY to ‘cheat’ a little, the answer isn’t gonna jump right at you if u are looking at it the totally wrong way, even if u do it for hours and hours. The positive thing is that you learn so much about IT-security along the way, even if you are not really making any progress with the task.

After hours of not moving ahead, preferably have someone point a finger at where the next step could be, but you have to deserve it, and this is extremely frustrating. Even with all the hints posted, it is hard sometimes to derive something informative and useful from it.

What a fun challenge tho, thanks for this!
Best community ever.
Good luck everyone!

Anyone willing to help me out?
This is my first box on here. I got user, which was easy. Trying to get root, I know what I need to get, I just am not sure how to get it, if that makes sense?

Feel free to PM me.

Enjoyed the box. Got root, but my DOS injection skills are lacking. Had to drop the root.txt in plain view of anonymous ftp users. Given how often the box is reset maybe not a big issue. Any suggestions on how to inject off box would be helpful.

Why are people resetting this every 1 minute?

Damn! Admins! Please can you stop resetting this!

I got the creds, I’m @ the admin console, but I can’t get the syntax right.

I got the creds for the admin console. I’m trying to exploit the server but it’s my first, it’s hard. I tried to use the exploit that uses the cookies and a reverse shell with PowerShell but I’m making mistakes, I guess. Can someone help me / PM me for root, please!

Rooted. Nice box. Things to take away →

  • Research the application that you are attacking more. It makes a difference to know what directories do what.

Took me about 3h to figure out how to root it… but finally did it :slight_smile:

So this is my first box. Managed to find user.txt really fast, it was an obvious one. However, I got lost on the root. I did manage to find the file that, through my research, should hold the password as well, but I was not able to locate anything in the file that looks like a clear text password. I have been looking at it all day, and with all the reverts and people breaking the box it has been hard. I just want someone who can point me in the right direction or potentially help me find where I have failed.

Edit: I am just stupid, found it now. I now realise that sleep is REALLY important!

How often does n***** send n************? Every time I try it gets reset, so I don’t know if my script is wrong or if it’s because of the resets.

I know I am overlooking the login for the web app. I’ve been looking in the hidden dir logs; any further hint would be appreciated. Please PM.

Guys, I have P*** C***********.o**.b*k but I swear I don’t see any plain text password, tell me if I am blind.
Btw it is my first box and this is super fun.

Edit: nvm, I’m blind.

Took me more than 12 hrs trying to find out how to copy the root file, reverse shell and upload a file through the admin console/notif/***.bat; all my trials failed. Please PM :anguished:

Netmon actually convinced me to buy VIP subscription. These constant resets were unbearable…

By FAR, the most annoying thing that stupidly had me going in circles for hours, was that the path you need to find credentials is not visible by default when connecting to that one port. It’s there, and you can access it, but you won’t see it. If you found a million articles like I did on where some plaintext things might be, trust the paths you find in your research.

Hello All,
I got the user flag easily, but I couldn’t find the path for the login creds. Please throw me some hints in PM.

Thanks a lot

Hi team,

I am at the point where I am able to create the n**********ns but not sure how they are triggered. If someone could please give me a hint here.

PP