Netmon

so ive owned user and iv got creds for the web app im assuming folk are messing with the web app login password?

please any help
I get user pass but I don’t have any idea about root access

So got into Web app and I’m fairly sure how to get root just need help with the correct formatting if anyone gets what I mean??
Trying not to give too much away

Can Anyone Help me getting username password? I am stuck!! Searched everything.

i have searched through multiple .dat files in multiple locations but everything i see seems to be . am i missing something or are those not the right files to be looking for?

Read the user and root submission pages it tells you what you need to find there when it comes to file type

hello,
i got user, and also the creds for the site, i’m logged in and trying to figure out how to run the notification to get the key.
or am i looking at the wrong thing?

finally found the credentials and now i cannot access the application. I was able to browse to the app on port 80 yesterday and now it looks like it was reverted about two hours ago so i guess there’s something else that needs to be done after getting the creds to access the application? could someone give me a DM, im kinda at a loss here…

Hi, i have found the credentials and used an exploit I found to create a user on the box. I verified it worked but cannot find a way to login. I guess i am supposed to do it through S***ba but it seems I am missing a step or two. Someone PM me, No Spoilers please. Thanks.

I found the creditials. Change the appropriate number to make it correct, but still seems to not be working. Could it mean it needs a reset?

Hello,

I found some files (P*** c********.d**), which contain a user and passwords, but they don’t work. Dunno what everyone means with “changing appropriate number”. Guess I am looking in the wrong place. Can someone help, please?

Finally got the root.
It is quite easy for user. Keep enumerating and think more when getting relevant information about the user.

Root is a bit tricky. Get more research for the web app would help a lot.

Literally like two steps from root and someone keeps changing the password -_-

@Harbinger said:
Hello,

I found some files (P*** c********.d**), which contain a user and passwords, but they don’t work. Dunno what everyone means with “changing appropriate number”. Guess I am looking in the wrong place. Can someone help, please?

If the log is a backup from 2018 than what has changed since then…

Hey guys, so I’ve rooted the box. I just want to know if there is a way to do a reverse shell? If so, would you mind telling me how to do it? Thanks in advance :slight_smile:

Fun box, kudos to the creator!

can someone pm regarding help on this box, i got user flag and also got the .d*t file but just cant see any credentials

I had a ton of fun with this one. User flag was redonkulously easy, after I stopped overthinking the FTP issue (brute force isnt necessary). Root flag took a bunch of research and thinking asymmetrically, but it wasnt too bad in the end.

User flag hint: Guy Fawkes Mask Login Creds for the FTP
Root flag hint: GREP through the the PRTG config files, find plaintext creds, ensure they are “up to date”, and then use PRTG for sys cred magic.

Im new, so tell me to STFU if im divulging too much @_@

I really dont get it. Im searching for the web creds since hours, already found some plaintext creds in one of those c*****.d** files, but nothing works to login. Do I have to make changes somehow ?

Nevermind rooted :wink:

Hello all.
I am quite confused with getting the creds for the WebApp.
Not quite sure if I got the right password from the d** files and not working due to the fact that some people do constantly change the password or if I am getting it completely wrong.
Could someone offer me a piece of help? :slight_smile:
Thank you in advance!

Type your comment> @Arrow said:

Hello all.
I am quite confused with getting the creds for the WebApp.
Not quite sure if I got the right password from the d** files and not working due to the fact that some people do constantly change the password or if I am getting it completely wrong.
Could someone offer me a piece of help? :slight_smile:
Thank you in advance!

From what you are saying sounds like you are looking in the right place just find the right d** file (it will have the creds) and then look at the time it was saved (Trying not to give it away) :wink: