Netmon

1192022242528

Comments

  • Type your comment> @PurePi said:

    Type your comment> @blackbestbb said:

    Type your comment> @PurePi said:

    Woohoo! Got root and user.
    Good starter box.

    PM me if anyone need hints :)

    bro in netmon active mission.i cant find there root.txt in this mision please give me a hint.please

    @blackbestbb root.txt can be found in C:\Users\Administrator\Desktop directory on all Windows boxes.

    Thanks PurePi, was my first Windows box and only thing left I needed to know is where to find root.txt

    Shoutout to Farbs for all the nudges

  • edited April 18

    what year is it! thank you!

  • I am having two problems

    A.) consistently triggering my script to run on the application.
    B.) I'm unsure if my command is running correctly, or how to confirm that it is.

    Am I on the right track? Any hints

  • Did somebody reset the password again?

    Hack The Box

  • This is a great challenge for any noobs here, as it can be solved following the hints in this thread while learning about a lot of different services and programs affiliated with Windows machines

  • Anyone available to lend a hand with root? I think I've got the right idea but I think executing my plan is where I'm failing. Any help via DM would be great, cheers!

  • guys, I got everything but my reverse shell keeps dying. I just got to root.txt but it died a millisecond before i could read it.
    tried other payloads, other shells, but i'm really at the last step. what am I missing?

  • Finally got it. However people, please stop brute forcing it and rebooting it. That took me the most time. Also I did stare at something and not realize that was what I needed to own user. So don't blast ahead, take your time.

    Hack The Box

  • edited April 19

    i m trying to find cred with f** and use an rc* exploit with the cred, just wonder am i on the right track? i cannot find anything after searching for a few hours with f**. Is there anything to do with the d** file?

  • Historically the credentials were saved somewhere in plain text, you just have to find where that is.

    Hack The Box

  • edited April 20

    fun box

    hints for those stuck on the credentials, you will run into lots of files that look similar but one holds the password in plain text.

    r0t13weiler

  • This was my first box and I had a great time! Root was not as bad as I thought, it's really all the resetting being done that's making life tough.

    My piece of advice would be: Once you get the P*** creds and successfully log in, YOU DO NOT NEED TO CHANGE THE PA******! That just causes more resets and slows things down.

    Do your research on the app, you will find what you need!

  • edited April 22

    Hey there! Thanks for all the tips especially @PavelKCZ ! Newbie here. Netmon would hopefully be my first Active box (did 3 retired via walkthroughs). I'm close to the finish. Already found the user days ago but I got stuck with digging for root for days. Now, got the correct credentials and successfully ran/found the app's exploit. But got stuck again; can't seem to enumerate for the correct a vuln for the service(s) hinted. Would appreciate more hint on this, thanks!

    edit: FINALLY! I've got into root! Netmon, my first active box! :)

    wingsofwax

  • Hello, this is my first box but I got into the webapp quite quickly actually. I googled and found something about the noti******on exploit and command execution. However, the code to be run is already inserted. Am I reading someone else's work there?

  • Why change the password ? Your making this box damn near impassable for others. Stoppppppppp

  • Type your comment> @platfus said:

    Hello, this is my first box but I got into the webapp quite quickly actually. I googled and found something about the noti******on exploit and command execution. However, the code to be run is already inserted. Am I reading someone else's work there?

    Most likely. I did it on US VIP earlier today, and nothing was there for the thing you mentioned.

    Arrexel

  • finally i'm root in my first machine and to @puckloe for help, PM if u need something :smirk:

    gndux

  • Type your comment> @mrb1rd17 said:

    Type your comment> @platfus said:

    Hello, this is my first box but I got into the webapp quite quickly actually. I googled and found something about the noti******on exploit and command execution. However, the code to be run is already inserted. Am I reading someone else's work there?

    Most likely. I did it on US VIP earlier today, and nothing was there for the thing you mentioned.

    I had the same experience. I went to make something happen and saw someone else had done exactly what I was about to do haha. So I waited a few seconds and checked on what I was trying to achieve and it was done.

    Hack The Box

  • Hi, I'm working on Netmon's box. I got the user easily and now I'm stuck in Root. Somebody can you give me some clues, please?

    Reviewing the files that can be observed through the FTP connection, locate in a PRTG configuration backup file a key supposedly associated to the "prtgadmin" however this credential says it is not valid.

    In a forum someone commented that the way was by "remote code execution - RCE" however to apply it I must be authenticated according to this link http://bit.ly/2GbgujZ.

    Somebody could you guide me?

    Cordial greetings

  • Spoiler Removed

  • Hello,
    I already have the root flag. It's silly, but until you hit it, and you see the light, you do not see how easy it is. We complicate our lives thinking as technicians.

  • Type your comment> @InteraxisCA said:

    Hi, I'm working on Netmon's box. I got the user easily and now I'm stuck in Root. Somebody can you give me some clues, please?

    Reviewing the files that can be observed through the FTP connection, locate in a PRTG configuration backup file a key supposedly associated to the "prtgadmin" however this credential says it is not valid.

    In a forum someone commented that the way was by "remote code execution - RCE" however to apply it I must be authenticated according to this link http://bit.ly/2GbgujZ.

    Somebody could you guide me?

    Cordial greetings

    I'm facing the same problem. I have the creds but these are not valid.

    Thanks!

  • Anyone able to point me in the right direction? These Configuration files are huge and nothing obvious is jumping out. Thanks

  • Type your comment> @PavelKCZ said:
    > tomc: if you are new to the HackTheBox, point is to copy the user.txt from some directory of the target machine a paste it in the HTB web of this target https://www.hackthebox.eu/home/machines/profile/177 under "Own User" button.
    >
    > After that, you are supposed to get the hash from the file named root.txt which is located in the root/Administrator own home directory and copy the hash under the button "Own root" at the same page.
    >
    > This indicate that you gained access both as a user and as a root on the target machine.

    @PavelKCZ I realised i had user all along, just made it way too complicated thinking it was where root would be... Now i'm struggling to get root. Got the clear text passwords for the app, but stuck at that point. Really trying to think and get this done without too may hints!
  • Type your comment> @CJ90 said:

    Anyone able to point me in the right direction? These Configuration files are huge and nothing obvious is jumping out. Thanks

    You can search them if you get it into a text file. That might help.

    Hack The Box

  • I can't seem to find the creds everyone is talking about. I have done some research and found the issue with prtg storing creds incorrectly but when I look through the files anything to do with creds is encrypted, anyone willing to give a nudge?

  • The application may have been upgraded since then. Database applications usually create other files while running an upgrade.

    Hack The Box

  • edited April 23

    So I obviously grabbed user, and I was able to use the hints here to find what I think is the PW for logging into the webui, but it doesn't take. What am I missing?

    Nvmnd, got the creds. Now I'm stuc on getting root. The exploit I found doesn't seem to be taking, or at least, it's not allowing for access via F** as before. Would appreciate a PM with a hint as to what I'm doing wrong here...

  • edited April 23

    Got user, didn't realize it was that easy... Now I need hints for root if anyone can help, I have discovered the RC* exploit and the creds to get the coo*ie for the exploit. Upon execution exploit everything works well and I have seen the S** service but now I am lost on what my next step is.

  • Has someone hit reset on the user creds which prevents login for everyone else?

Sign In to comment.