Netmon

@Alexgot if you found root.txt in Public, that means someone didn’t clean up after themselves. I encourage anyone who found root that easily to go through and find root the proper way. You’ll learn more by doing the real challenge vs taking the easy way out for the points

Can anyone PM me with hint where the prtgadmin password can be found ?
I just manually inspected the whole ftp directory tree and there is only one file with the prtgadmin password, but only in hashed/encrypted form.

Type your comment> @gamewiz11 said:

@Alexgot if you found root.txt in Public, that means someone didn’t clean up after themselves. I encourage anyone who found root that easily to go through and find root the proper way. You’ll learn more by doing the real challenge vs taking the easy way out for the points

+1 to this

Hmm, it seems that there is something wrong with the box I am using (as VIP).
I just grepped all files available via the anon access and there are no plaintext creds for web access.

Can someone help me with the web access I think I have the password but it does not work.

Type your comment> @boolean700 said:

Can someone help me with the web access I think I have the password but it does not work.

Look at when the file you found the password in was generated. Is it possible the password has changed since then? What may it be?

Well, with some hints from some peoples far more educated than I am, I learned one thing.

DO NOT BELIEVE THE IN GODZILLA WHICH IS NORMALLY USED FOR FTPing :slight_smile:

Type your comment> @PavelKCZ said:

Well, with some hints from some peoples far more educated than I am, I learned one thing.

DO NOT BELIEVE THE IN GODZILLA WHICH IS NORMALLY USED FOR FTPing :slight_smile:

IN THE GODZILLA of course :slight_smile:

BINGO, root owned. Thx for the hint about proper tool for viewing files on FTP. I lost couple of hours with the stupid Godzilla. Otherwise the root hack is something like small lunch-break job.

At the final stage, the SMB port and the old good winexe is your friend :slight_smile:

Of course, I forgot to thank to the guy/girl who did the main job of scripting. Someone called lorn3m4lvo@protonmail.com

Spoiler Removed

The amount of people resetting passwords, brute forcing and resetting the machine makes me want to develop early alcoholism.

this box shouldnt be half as difficult as it is.

Im stuck searching the credentials on FTP, Please can yo PM where I can find them

Use some client which is able to see ALL dirs and files. Or use my above mentioned link which enable this functionality in Godzilla.

I found the clear text password of the prtgadmin , but it’s not working in the prtg gui also, i know what to do once i login but for know still won’t able to login from the n********, any tip ? am i in the correct track

Type your comment> @ismaileltahawy said:

I found the clear text password of the prtgadmin , but it’s not working in the prtg gui also, i know what to do once i login but for know still won’t able to login from the n********, any tip ? am i in the correct track

You’re in the correct track. Notice the cleartext pwd ? what’s odd :wink: ?

ROOTED!

It was actually really hard to not root this at the moment, because people kept copying the hash. Bit of an challenge to resist the constantly appearing root-hash.

Type your comment> @gilf0yle said:

User was too easy, Root was really fun, I’ve learned a lot. Thank you @mrb3n for the machine and thank you @54pp0r0 for helping me on the reverse shell syntax :slight_smile:

PS, reverse shell is not needed to get root.txt but if you insist, try switching all the " to '.

Edit: if you need help, feel free to contact me :slight_smile:

hello sir can you please help in the root access i cant even login in prtg network monitor

Rooted, thanks alot > @D1mas4lang