Netmon


Comments

  • edited April 13

    Woohoo! Got root and user.
    Good starter box.

    PM me if anyone needs hints :)

  • Hello, I have got the user hash and have got access in F** as a user, however I am confused where I should look for the Root creds. Can someone please help me with this as I'm stuck 😂

  • For root,
    Here are some tips:
    1) Identify other services that are running apart from that on p80
    2) Google vulnerabilities of the app version running on the box. Through this, you will get access to the app.
    3) After that use hint from @PavelKCZ.
    4) Get into the box via the service identified in step 1 above.

    Hope this helps.

  • About root access, I was able to recover the password (or at least I'm pretty sure it is correct) but I couldn't log in, is this normal?

    Should it be used for the exploit only?

  • Please, for the love of all that is unholy, stop changing the creds and STOP THROWING THE DOS

  • @shellsmoke said:

    Please, for the love of all that is unholy, stop changing the creds and STOP THROWING THE DOS

    Seriously... It's more frustrating than not getting the root hash lol

  • edited April 14

    This box is definitely making me work!

    Edit: Rooted!

  • As most have stated above, I was able to get User pretty easily. I'm having trouble getting Root however. I was able to find the "blog post" but can't seem to get it to work properly. Any help would be appreciated!

  • Need some guidance if anyone is willing to assist! Been trying to get root now for a couple of days and it's killing me. I've kept a list of avenues I've been looking into, I would like to know if I'm on the right track or not.

  • @und3rsc0r3labs said:
    As most have stated above, I was able to get User pretty easily. I'm having trouble getting Root however. I was able to find the "blog post" but can't seem to get it to work properly. Any help would be appreciated!

    was finally able to get root after multiple days!

    best advice I can give is read read read. I tried to rush things because it was marked "easy". After getting stuck on multiple things I stopped and started reading parts of the application I was messing with and everything slowly started falling into place.

  • @PurePi said:

    Woohoo! Got root and user.
    Good starter box.

    PM me if anyone needs hints :)

    bro in netmon active mission. I can't find there root.txt in this mission please give me a hint. please

  • please little help on root here: I'm logged in as an authenticated user to the obvious panel and I know RCE vuln is available. I've enumerated and know exactly what to do, however the problem is I'm not sure how to do that in terms of the HTTP Sensors etc. Please can someone help me or hint me

  • ROOT! Thanks everyone for the tips. All I can say is RTFM.

  • If anyone is giving FireEye's Commando VM a tour when doing this box, make sure you don't accidentally let Windows Defender block a key application. Wasted 30 minutes as to why **p commands were only partially working...

  • @blackbestbb said:

    @PurePi said:

    Woohoo! Got root and user.
    Good starter box.

    PM me if anyone needs hints :)

    bro in netmon active mission. I can't find there root.txt in this mission please give me a hint. please

    @blackbestbb root.txt can be found in C:\Users\Administrator\Desktop directory on all Windows boxes.

  • I used the exploit and it says the user is created but when I try to exploit S** port with W***xe it says authentication failed...

    Any tips on what is going wrong? I think the user is not properly created :(

  • edited April 15

    the user "sh4rk" put the root visible for everyone...

  • Stop resetting the damn box!
    If you get to a point where things don't work, and you think "I must have to reset the box to fix things", there's a 99% chance you're wrong ...

  • @PurePi said:

    @blackbestbb said:

    @PurePi said:

    Woohoo! Got root and user.
    Good starter box.

    PM me if anyone needs hints :)

    bro in netmon active mission. I can't find there root.txt in this mission please give me a hint. please

    @blackbestbb root.txt can be found in C:\Users\Administrator\Desktop directory on all Windows boxes.

    bro but administrator access is denied bro what I can do bro

  • Total n00b could use some guidance on figuring out my first box.

  • First box rooted! Thanks all. PM me if anyone needs hints.

  • I need assistance. I feel like I should be able to use the new credentials I got as a result of the exploit, but it doesn't work anywhere.

    Thanks!

  • I'm stuck at credentials part, could someone PM me a hint?

  • Some assistance - I have access to the app, I have an exploit that is supposed to be creating a .txt file in some public directory - but the file is not being created..... is this permissioning in the directory or is the exploit not running right - it appears to contain minimum error checking - can anyone offer a pointer?

  • Nudge please via PM. I have executed the exploit script and the user has been added but struggling to get access via the service s**. Gentle nudge if possible. Thanks

  • @Manb4t said:

    Nudge please via PM. I have executed the exploit script and the user has been added but struggling to get access via the service s**. Gentle nudge if possible. Thanks

    Same here. I exploited, but not able to login to service.

  • There can be problems with server reset between exploit script execution and subsequent work under the newly added user.

    But you can put both things in one shell script and execute this form of attack. In such case, the new user is created and just after that, the second part of attack is executed as soon as possible.

    Summa scientia, nihil scire.

  • @PavelKCZ said:

    There can be problems with server reset between exploit script execution and subsequent work under the newly added user.

    But you can put both things in one shell script and execute this form of attack. In such case, the new user is created and just after that, the second part of attack is executed as soon as possible.

    but if the file is not getting created then the exploit didn't work - correct?

  • I don't know. I never used any "file creation" exploit and I definitely did not use any artificially created *.txt file anywhere.

    Summa scientia, nihil scire.

  • hi guys

    this box is the first one I do here on this site, so I can still learn a lot, and so I enjoy the learning process immensely.

    I have searched and found a lot to get root. user was not a problem at all, but now I'm really stuck.

    found an exploit via google but, I get stuck here must take a step and have to verify it before I can continue. someone a hint or tip.

    you would help me a lot with it
