ServMon

Sorry to the creator, but this box is definitively the worse box I’ve ever done on HackTheBox, it could be interesting if the final web application wasn’t that much unstable even in VIP.

Really bad choice.

I don’t know if it can help, but don’t use FireFox or FireFox forks for Web Panel, use something based on Blink/webkit instead (Chrome / Opera etc…) it seems to be less prone to errors…

Dude i can’t even load the login page It’s freaking

Trying to access the web UI, all I get is connection was reset.

It is horrible with the performance of this box :smile:

I have followed the steps of exploitation but no rev.shell…

Can anyone PM me about the t****l setup? I keep getting a 403 on the webapp even when it seems to work.

Type your comment> @roelvb said:

It is horrible with the performance of this box :smile:

I have followed the steps of exploitation but no rev.shell…

HIFI broo

Rooted,
All the tips have already been said,
PM if you need help :slight_smile:

Got user, very simple and straightforward using basic enumeration. But I’m blocked by the server on my way to root. Any hints for bypassing the 43? Do I need openl to create a trusted c? Thanks.

Edited: nvm, got it, no need to create any c***.

HTB Members, please :

  • Don’t edit other members scripts, it is a very bad and unrespectful shortcut.
  • DO NOT click on Reload button on the web app, it is useless and crash the web service.

Thanks in advance

finally got root after lots of instability at the priv-esc stage. agree with points above - the “reload” button causes a webservice crash - it’s not needed to get root.

Removed for stupidity.

Got 7 possible creds, tried all of them in the login portal with usernames an, Nn, N***e, but no luck :(. Any help?

Type your comment> @spasimir21 said:

Got 7 possible creds, tried all of them in the login portal with usernames an, Nn, N***e, but no luck :(. Any help?

What ports are open?

removed

Spoiler Removed

Type your comment> @spasimir21 said:

Type your comment> @ls4cfk said:

Type your comment> @spasimir21 said:

Got 7 possible creds, tried all of them in the login portal with usernames an, Nn, N***e, but no luck :(. Any help?

What ports are open?

21, 22, 135, 139, 445, 80, 5666, 6699 - currently running full port SYN scan

You’re already missing at least one that a regular nmap should have picked up.

@spasimir21 He meant, can you use the credentials elsewhere instead of the login portal??

Type your comment> @hammerzeit said:

Type your comment> @spasimir21 said:

Type your comment> @ls4cfk said:

Type your comment> @spasimir21 said:

Got 7 possible creds, tried all of them in the login portal with usernames an, Nn, N***e, but no luck :(. Any help?

What ports are open?

21, 22, 135, 139, 445, 80, 5666, 6699 - currently running full port SYN scan

You’re already missing at least one that a regular nmap should have picked up.

Full scan finished and the new ones are - 5040, 6063, 7680, 49664, 49665, 49666, 49667, 49668, 49669, 49670

Spoiler Removed

Really who had the great idea to make a box with a exploit that needs a reboot???
And even if u don’t need to many will still follow the exploit step by step.
This is just asking for trouble.