Netmon

Hello,

can someone help me? I found the *****n.dat. I found a user but no password.

Hey everyone, Stuck trying to get this box. It my second box here but I have enumerated this box. I did have a slip up due to someone place multiple P*** N.dat files in multiple locations. I may be overlooking it because grep these files are ugly. I also check the old and the back file as well. grep command is grep -A3 user, I also try grep with password just a ■■■■ ton of tags and nothing under them. I confirm the files I pulled were correct based on my search PRTG. They have several post on where the goodies are located. c:\P*****\ I also played with the defaults with some guesses like the recent years but still nothing. I know I feel like Pn9 as it takes longer to try and authenticate but still get invalid. am I still off or is someone messing with the box? any additional tips would be a big help special for the learning experience.

User and Rooted. If you can’t get user, don’t overlook simple things. Make sure you are seeing ALL the files, too. Root was a bit trickier, but easy once you research the web app on Google. A nice blog post exists which pretty much lays it out there.

Rooted today, was a pretty good box user super easy

I found the creds and also made the necessary modifications. But it still doesn’t work for some reason. Can anyone help ?

Just rooted this fun box!! PM if you need any hints.

nevermind, the password I found does work. The box must have been having issues. got it to work last night

Tips for Hackers:

User
If you do a good job enumerating this box with the access it provides, you will find the user.txt

Root
While fairly simple in concept, if you aren’t careful with your tooling and creative thinking you will run into a number of problems. Here are a few hints that would have saved me hours…

  1. Ensure your method of browsing the file system can see hidden files. This is important otherwise you will miss what you need to get into that admin portal
  2. I had trouble figuring out what the hints about “think like a user” and “time is important/what year is it?” meant - if you end up ripping your hair out trying to get into that admin portal - ponder these at length - FYI
  3. Remember that DDoS isn’t allowed on HTB so keep this in mind when searching for the right CVE to use
  4. Think about what the CVE gave you - go back to your original enum to figure out where to use it

Good Luck!

Spoiler Removed

I’m a little lost on the cookie aspect, Would someone please PM me with a little guidance. Just want to see if I’m in the right direction. I’m pretty sure I can just grab the flag, but I want to do it a different way and the cookie path would get me there…

I grabbed the flag, but would still like someone to help me with the cookie and exploit path. I really like to learn as much about each box as I can, so you would be doing me a solid…

user is easy , root is F…
i cant root this …
i see the 2 file but not work … are in ASCII

It can be rooted, Make sure to read all the previous comments including mine. . If you found what you think you found. It should be the only possible creds to find on the box. you may need to play with it but once you able to log into the console. research and use the needed to get to root. unfortunately, you may even need to reboot the box if your on the free server, some people are doing all kinds of stuff to that box so it makes it hard to pop.

I found on the internet that some issue on PRTG <= v18.1.37 can cause “plain text password” in C*********.dat and C*********.old but I only see encrypted password flag.
I can’t find any plain text password…
Any hint please ? :confused:

UPDATE: got the password, need glasses XD but password don’t works :frowning:
UPDATE: Think ! Got it !

Rooted very nice machine to learn more about windows.
DM me if you need

USER: easy, needs just enumeration.
Root:
1- first browse the ftp folders with tools which allow you to see hidden files and folder if not you’ll waste hours.
2- pay attention to for grabbing info from files you found.
3- for exploiting the app just read carefully what you need to do manually so that the exploit works.

Got user. Been working on root via N***** C****** I*****. I configure N******** with C****** I********* and assign it to the failing sensor. But no dice. I do see in logs “Error sending EXE: The user name or password is incorrect” … tried both in N******* setup the one in ********.dat and enum used for GUI login. Could someone get me unstuck please? PM please.

User was easy, just had to look around. Root was not hard but had to understand the exploit and gain access to the web UI.

Just got root on this one after a long process of trial and error. Really interesting box much appreciated.

hey, i have some trouble finishing the last steps getting root. could somebody help me? :wink:

Please PM me.
Cant find the credentials … Im about to die

Struggling to get root access.
Found creds in ***.**d.bk. However, upon trying these credentials in FTP/SMB/webapp I was unable to gain access to any. And yes, I changed the password to ********9, am I a gargantuan dumbo or what gives?