Netmon

@ytho thanks for your post.
I have been trying what you have mentioned for the last couple of days with no success.
Are you able to PM me with another hint.

Finally…one step closer. Thanks @PavelKCZ for the hint.

Now my problem is Rev***TC session dies every time :frowning:

BTW…Thanks @PavelKCZ for the hint.

Woohoo! Got root and user.
Good starter box.

PM me if anyone need hints :slight_smile:

Hello, I have got the user hash and have got access in F** as a user however I am confused where i should look for the Root creds. Can someone please help me with this as i’m stuck ?

For root,
Here are some tips:

  1. Identify other services that are running apart from that on p80
  2. Google vulnerabilities of the app version running on the box. Through this, you will get access to the app.
  3. After that use hint from @PavelKCZ.
  4. Get into the box via the service identified in step 1 above.

Hope this helps.

About root access, I was able to recover the password (or at least I’m pretty sure it is correct) but I couldn’t log in, is this normal?

Should it be used for the exploit only?

Please, for the love of all that is unholy, stop changing the creds and STOP THROWING THE DOS

Type your comment> @shellsmoke said:

Please, for the love of all that is unholy, stop changing the creds and STOP THROWING THE DOS

Seriously… It’s more frustrating than not getting the root hash lol

This box is definitely making me work!

Edit: Rooted!

As most have started above I was able to get User pretty Easy. I’m having trouble getting Root however. I was able to find the “blog post” but can’t seem to get it to work properly. Any help would be appreciated!

Need some guidance if anyone is willing to assist! Been trying to get root now for a couple of days and it’s killing me. I’ve kept a list of avenues I’ve been looking into, I would like to know if I’m on the right track or not.

@und3rsc0r3labs said:
As most have started above I was able to get User pretty Easy. I’m having trouble getting Root however. I was able to find the “blog post” but can’t seem to get it to work properly. Any help would be appreciated!

was finally able to get root after multiple days!

best advice I can give is read read read. I tried to rush things because it was marked “easy”. After getting stuck on multiple things I stopped and started reading parts of the application I was messing with and everything slowly started falling into place.

Type your comment> @PurePi said:

Woohoo! Got root and user.
Good starter box.

PM me if anyone need hints :slight_smile:

bro in netmon active mission.i cant find there root.txt in this mision please give me a hint.please

please little help on root here: im logged in as an authenticated user to the ovbious pannel and i know RCE vuln is available ive enumerated and know exactly what to do however the problem is im not usre how to do that in terms of the HTTP Sensors etc please can some one help me or hint me

If anyone is giving FIreeye’s Commando VM a tour when doing this box, make sure you don’t accidentally let Windows Defender block a key application. Wasted 30 minutes as to why **p commands were only partially working…

Type your comment> @blackbestbb said:

Type your comment> @PurePi said:

Woohoo! Got root and user.
Good starter box.

PM me if anyone need hints :slight_smile:

bro in netmon active mission.i cant find there root.txt in this mision please give me a hint.please

@blackbestbb root.txt can be found in C:\Users\Administrator\Desktop directory on all Windows boxes.

I used the exploit and it says the user is created but when i try to exploit S** port with W***xe it says authentication failed…

Any tips on what is going wrong? I think the user is not properly created :frowning:

the user “sh4rk” put the root visible for everyone…

Stop resetting the ■■■■ box!
If you get to a point where things don’t work, and you think “I must have to reset the box to fix things”, there’s a 99% chance you’re wrong …