Netmon

Type your comment> @KentoS said:

@D8ll0 said:

@SilentNL said:

I have the same issue. The R*C working with the correct cookie. And it seems like it’s creating a user. But I cannot connect with the newly created user (FTP or SMB). Can someone give me a tip?

How can you know if the user has been created?
If you read the source code, you will find the sign of that.

After that, if you are sure that the user has been created, just try again what you have tried before and it will work.

Also having this same issue, could you explain a bit about how we can confirm that the user has been created successfully? From running the exploit it seemed to be successful but I can’t log in using FTP or winexe/psexec :confused:

When you read the source code, the first function is creating a file with a name Pe****.txt in a directory.

So when you connect through FTP and see that file in the directory (look around), that means your code has been successfully executed.

Moreover, after creating the user, why you are interested to login to FTP? Find something more useful :wink:

can anybody help me out with root in PM?

I will also need help with credentials and root can somebody PM me and I can say what I have tried so far.

Type your comment> @YellowBanana said:

Rooted. Anyone need hints send me a pm.

Thanks to YellowBanana I have got the credentials and now I am working on root.

Is there a delay in the log files updating through ftp when compared to the app itself? Im validated into the portal and processes im executing are showing in the app logs but not in the ftp file. However after 10 minutes or so it is, at which point some other user promptly resets the box before i can continue testing.

rooted.
if anyone need help pm me for a hint.

Big thanks to YellowBanana for the hints, fully rooted the box. Feel free to pm me for a hint

FINALLY!!! Thanks to everyone for not resetting for 10 minutes whilst I managed to get my root flag. I enjoyed this box, spent way to long on it, but it was good fun!

I was able to create a user on the box via R**, but now I am completely lost. This is all new to me. Any tips?

was able to create user through p*** notifications… how could you log in with the credentials? I tried RC and fp but both gave auth failure

Type your comment> @tgallagher said:

was able to create user through p*** notifications… how could you log in with the credentials? I tried RC and fp but both gave auth failure

What other services are running on the box that you can log in to? Take a close look at port 445 and see if there’s any other kind of service, you can use your new credentials for that.

Anyone having issues with meterpreter session returning died after a second?

I have got user and the credentials but I am not sure on how to get root.I have read through prtg-network-monitor-privilege-escalation and it said to delete the logs (system) but when I try to do that it says access denied and There does not seem to be any way to gain code execution and I can’t see any way to upload a shell. If you can help I will be very grateful.

I got the user.txt but am lost on how to proceed? … See the login page … defaults creds dont work have tried to include yr … pls any direction is appreciated

Guys for Netmon just read carefully all txt files in the Public Folder

When i read all files in Public directory i find the root

Finally got user on Netmon, turned out all I needed was some “air support”. :stuck_out_tongue:

Pretty sure box is just getting reset and bruteforced…would appreciate some help if someone could PM me please.

I think I have creds and i’m on the right path. Don’t want the answer, but also dont want to get off path if the issue is inexperienced users resetting the box. Any help is greatly appreciated!

Rooted! Thanks to @YellowBanana and @panda1 for help without spoiling. Feel free to DM for help.

Tip: Don’t go down the rabbit hole if things that appear obvious aren’t working at first - there’s more than one way to achieve the same things. Get your information, take a step back and think about the origin of that information, and what it can be used for.

Type your comment> @Alexgot said:

Guys for Netmon just read carefully all txt files in the Public Folder

I have tried that and The only txt file I found was user.txt. Am I missing something really obvious.