Hello, this is my first box but I got into the webapp quite quickly actually. I googled and found something about the noti******on exploit and command execution. However, the code to be run is already inserted. Am I reading someone else’s work there?
Most likely. I did it on US VIP earlier today, and nothing was there for the thing you mentioned.
Hello, this is my first box but I got into the webapp quite quickly actually. I googled and found something about the noti******on exploit and command execution. However, the code to be run is already inserted. Am I reading someone else’s work there?
Most likely. I did it on US VIP earlier today, and nothing was there for the thing you mentioned.
I had the same experience. I went to make something happen and saw someone else had done exactly what I was about to do haha. So I waited a few seconds and checked on what I was trying to achieve and it was done.
Hi, I’m working on Netmon’s box. I got the user easily and now I’m stuck in Root. Somebody can you give me some clues, please?
Reviewing the files that can be observed through the FTP connection, locate in a PRTG configuration backup file a key supposedly associated to the “prtgadmin” however this credential says it is not valid.
Hello,
I already have the root flag. It’s silly, but until you hit it, and you see the light, you do not see how easy it is. We complicate our lives thinking as technicians.
Hi, I’m working on Netmon’s box. I got the user easily and now I’m stuck in Root. Somebody can you give me some clues, please?
Reviewing the files that can be observed through the FTP connection, locate in a PRTG configuration backup file a key supposedly associated to the “prtgadmin” however this credential says it is not valid.
tomc: if you are new to the HackTheBox, point is to copy the user.txt from some directory of the target machine a paste it in the HTB web of this target Login :: Hack The Box :: Penetration Testing Labs under “Own User” button.
After that, you are supposed to get the hash from the file named root.txt which is located in the root/Administrator own home directory and copy the hash under the button “Own root” at the same page.
This indicate that you gained access both as a user and as a root on the target machine.
@PavelKCZ I realised i had user all along, just made it way too complicated thinking it was where root would be… Now i’m struggling to get root. Got the clear text passwords for the app, but stuck at that point. Really trying to think and get this done without too may hints!
I can’t seem to find the creds everyone is talking about. I have done some research and found the issue with prtg storing creds incorrectly but when I look through the files anything to do with creds is encrypted, anyone willing to give a nudge?
So I obviously grabbed user, and I was able to use the hints here to find what I think is the PW for logging into the webui, but it doesn’t take. What am I missing?
Nvmnd, got the creds. Now I’m stuc on getting root. The exploit I found doesn’t seem to be taking, or at least, it’s not allowing for access via F** as before. Would appreciate a PM with a hint as to what I’m doing wrong here…
Got user, didn’t realize it was that easy… Now I need hints for root if anyone can help, I have discovered the RC* exploit and the creds to get the coo*ie for the exploit. Upon execution exploit everything works well and I have seen the S** service but now I am lost on what my next step is.
Hello guys,
could you pls give me a hint regarding user. I found Con*****n.da* file, there was prtgadmin user, however password looks encrypted. Also, I found an exploit which I need to use, but I do not have some data which I need to catch by Burp with relevant creds for using the exploit.