Netmon

fun box

Hint for those stuck on the credentials: you will run into lots of files that look similar, but one holds the password in plain text.

This was my first box and I had a great time! Root was not as bad as I thought, it’s really all the resetting being done that’s making life tough.

My piece of advice would be: Once you get the P*** creds and successfully log in, YOU DO NOT NEED TO CHANGE THE PA******! That just causes more resets and slows things down.

Do your research on the app, you will find what you need!

Hey there! Thanks for all the tips, especially @PavelKCZ! Newbie here. Netmon would hopefully be my first Active box (did 3 retired via walkthroughs). I’m close to the finish. Already found the user days ago but I got stuck with digging for root for days. Now, got the correct credentials and successfully ran/found the app’s exploit. But got stuck again; can’t seem to enumerate for the correct vuln for the service(s) hinted. Would appreciate more hints on this, thanks!

edit: FINALLY! I’ve got into root! Netmon, my first active box! :slight_smile:

Hello, this is my first box but I got into the webapp quite quickly actually. I googled and found something about the noti******on exploit and command execution. However, the code to be run is already inserted. Am I reading someone else’s work there?

Why change the password? You’re making this box ■■■■ near impassable for others. Stoppppppppp

@platfus said:

Hello, this is my first box but I got into the webapp quite quickly actually. I googled and found something about the noti******on exploit and command execution. However, the code to be run is already inserted. Am I reading someone else’s work there?

Most likely. I did it on US VIP earlier today, and nothing was there for the thing you mentioned.

Finally I’m root in my first machine and to @puckloe for help, PM if you need something :smirk:

@mrb1rd17 said:

@platfus said:

Hello, this is my first box but I got into the webapp quite quickly actually. I googled and found something about the noti******on exploit and command execution. However, the code to be run is already inserted. Am I reading someone else’s work there?

Most likely. I did it on US VIP earlier today, and nothing was there for the thing you mentioned.

I had the same experience. I went to make something happen and saw someone else had done exactly what I was about to do haha. So I waited a few seconds and checked on what I was trying to achieve and it was done.

Hi, I’m working on Netmon’s box. I got the user easily and now I’m stuck in Root. Can somebody give me some clues, please?

Reviewing the files that can be observed through the FTP connection, I located in a PRTG configuration backup file a key supposedly associated with “prtgadmin”; however, this credential says it is not valid.

In a forum someone commented that the way was by “remote code execution - RCE”; however, to apply it I must be authenticated, according to this link: PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution - Windows webapps Exploit.

Could somebody guide me?

Cordial greetings

Spoiler Removed

Hello,
I already have the root flag. It’s silly, but until you hit it, and you see the light, you do not see how easy it is. We complicate our lives thinking as technicians.

@InteraxisCA said:

Hi, I’m working on Netmon’s box. I got the user easily and now I’m stuck in Root. Can somebody give me some clues, please?

Reviewing the files that can be observed through the FTP connection, I located in a PRTG configuration backup file a key supposedly associated with “prtgadmin”; however, this credential says it is not valid.

In a forum someone commented that the way was by “remote code execution - RCE”; however, to apply it I must be authenticated, according to this link: PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution - Windows webapps Exploit.

Could somebody guide me?

Cordial greetings

I’m facing the same problem. I have the creds but these are not valid.

Thanks!

Anyone able to point me in the right direction? These configuration files are huge and nothing obvious is jumping out. Thanks

@PavelKCZ said:

tomc: if you are new to HackTheBox, the point is to copy the user.txt from some directory of the target machine and paste it in the HTB web of this target Login :: Hack The Box :: Penetration Testing Labs under the “Own User” button.

After that, you are supposed to get the hash from the file named root.txt, which is located in the root/Administrator’s own home directory, and copy the hash under the button “Own root” on the same page.

This indicates that you gained access both as a user and as root on the target machine.

@PavelKCZ I realised I had user all along, just made it way too complicated thinking it was where root would be… Now I’m struggling to get root. Got the clear text passwords for the app, but stuck at that point. Really trying to think and get this done without too many hints!

@CJ90 said:

Anyone able to point me in the right direction? These configuration files are huge and nothing obvious is jumping out. Thanks

You can search them if you get it into a text file. That might help.

I can’t seem to find the creds everyone is talking about. I have done some research and found the issue with PRTG storing creds incorrectly, but when I look through the files anything to do with creds is encrypted. Anyone willing to give a nudge?

The application may have been upgraded since then. Database applications usually create other files while running an upgrade.

So I obviously grabbed user, and I was able to use the hints here to find what I think is the PW for logging into the webui, but it doesn’t take. What am I missing?

Nvm, got the creds. Now I’m stuck on getting root. The exploit I found doesn’t seem to be taking, or at least, it’s not allowing for access via F** as before. Would appreciate a PM with a hint as to what I’m doing wrong here…

Got user, didn’t realize it was that easy… Now I need hints for root if anyone can help. I have discovered the RC* exploit and the creds to get the coo*ie for the exploit. Upon executing the exploit everything works well and I have seen the S** service, but now I am lost on what my next step is.

Has someone hit reset on the user creds which prevents login for everyone else?