ServMon

Nice box for a few hours, easiest on here…just wish people wouldn’t change the flags

Type your comment> @dafish73113 said:

could someone help me with what the username is for the login portal on port 80 is? i have the password for it from the N*****t files

i think it’s not necessary :sweat_smile:

■■■ thanks yeah wrong area WOOPS. loving the broken webpages tho, and the error 403 even tho i just double checked the password :)))))))

Spoiler Removed

Type your comment> @interlight said:

Hey,

I have the passwords too, but I don’t know where to use theses…

I tryied FTP, SMB and HTTP, no one let me in.

Could someone give me some help ? :smile:

Which other service can use those creds

It’s really sad to know that there are people who are not familiar with ssh and its powerful features, this is part of the bases for being a good pentester.

It is very sad even when a number of 8 out of 10 people who ask for the solution, rather than a little help.

foxlox
for nudges on discord foxlox#1089
please don’t ask for solutions but little hints

Type your comment> @foxlox said:

It’s really sad to know that there are people who are not familiar with ssh and its powerful features, this is part of the bases for being a good pentester.

It is very sad even when a number of 8 out of 10 people who ask for the solution, rather than a little help.

foxlox
for nudges on discord foxlox#1089
please don’t ask solutions but little hints

Couldn’t agree more!

hmmm, whenever I try to tunnel to some web page to be of an allowed host, I get a PR_END_OF_FILE_ERROR in my browser.
Can anyone give me a hint on whether I’m on the right track to root, and if I do something stupidly wrong with my tunneling?

stuck at foothold feel dumb dont know ■■■■ on windows, could use some help !

I just started this box today, and I have to ask already. Is it unstable?

I keep losing visibility of the website. Checking the shoutbox, it isn’t due to restarts.

Is the webserver being messed with?

Edit: NM - Just read that there is a reset function available within the webapp. Thanks @DarkCoderSc

Got the user very easily

I know what I have to do for root, but cannot get stable connection with ++.
Does anyone know why its happening.

Maybe I am using Free server? or something else

Type your comment> @unmesh836 said:

Got the user very easily

I know what I have to do for root, but cannot get stable connection with ++.
Does anyone know why its happening.

Maybe I am using Free server? or something else

Seems like many are reloading the web app config even though it’s not needed. When they do, you get to login again…and again, and again, and again :smile:

Type your comment> @CrimsonFlea said:

Type your comment> @unmesh836 said:

Got the user very easily

I know what I have to do for root, but cannot get stable connection with ++.
Does anyone know why its happening.

Maybe I am using Free server? or something else

Seems like many are reloading the web app config even though it’s not needed. When they do, you get to login again…and again, and again, and again :smile:

But I don’t even get the login prompt . Only the nav bar.

Only 1 in 10 attempts I can see login . That to fails because of some error. :frowning:

Type your comment> @unmesh836 said:

Type your comment> @CrimsonFlea said:

Type your comment> @unmesh836 said:

Got the user very easily

I know what I have to do for root, but cannot get stable connection with ++.
Does anyone know why its happening.

Maybe I am using Free server? or something else

Seems like many are reloading the web app config even though it’s not needed. When they do, you get to login again…and again, and again, and again :smile:

But I don’t even get the login prompt . Only the nav bar.

Only 1 in 10 attempts I can see login . That to fails because of some error. :frowning:

Same man, my net speed is only 256kbps again using free vpn. Don’t know is there any luck on this machine today!

Definitely try to access the webGUI in chromium, avoid firefox.

Type your comment> @fleitner said:

hmmm, whenever I try to tunnel to some web page to be of an allowed host, I get a PR_END_OF_FILE_ERROR in my browser.
Can anyone give me a hint on whether I’m on the right track to root, and if I do something stupidly wrong with my tunneling?

I get this error too, even though I’m using the same method as before when I had it working. Sometimes it works, sometimes it doesn’t - I really can’t give you an explanation unfortunately. I think this may be a weird Windows SSH thing?

.> @Bokanovitch said:

c:\user\administrator>whoami
whoami
nt authority\system

I really like this box ! Despite its simplicity, manage to learn something very usefull !

You guys are harsh with the rating

This is probably the third time in recent memory where boxes have had unreliable exploits, and are then rated “Hard” or “Medium” because no-one can pull the exploits off initially and end up wasting hours chasing other avenues… So, I’m sorry, but no the rating is probably what it should be. I don’t like having my time wasted.

Type your comment> @unmesh836 said:

Type your comment> @CrimsonFlea said:

Type your comment> @unmesh836 said:

Got the user very easily

I know what I have to do for root, but cannot get stable connection with ++.
Does anyone know why its happening.

Maybe I am using Free server? or something else

Seems like many are reloading the web app config even though it’s not needed. When they do, you get to login again…and again, and again, and again :smile:

But I don’t even get the login prompt . Only the nav bar.

Only 1 in 10 attempts I can see login . That to fails because of some error. :frowning:

The problem is likely local and may require tunnel vision to solve.

Type your comment> @CrimsonFlea said:

Type your comment> @unmesh836 said:

Type your comment> @CrimsonFlea said:

Type your comment> @unmesh836 said:

Got the user very easily

I know what I have to do for root, but cannot get stable connection with ++.
Does anyone know why its happening.

Maybe I am using Free server? or something else

Seems like many are reloading the web app config even though it’s not needed. When they do, you get to login again…and again, and again, and again :smile:

But I don’t even get the login prompt . Only the nav bar.

Only 1 in 10 attempts I can see login . That to fails because of some error. :frowning:

The problem is likely local and may require tunnel vision to solve.

Yes. Doing that from start but still problem persist. I think I will try it after some days, when traffic would have reduced.

Hints:

User: at first it looks almost like a ctf, enumerate the ports and focus on the “small” ones, you will easily find interesting information to use against another “small” port. The rest is straightforward, look for the first service you see and search on the internet.

Root: Slightly more complex, the machine runs another different service, search about it and “try harder”. If you receive a 403 at the access is because your network probably shouldn’t have access to that service, get help maybe by going through a tunnel. Forget the reload button and wait. Perform the procedure multiple times if you fail. Sooner or later it will work.

EDIT: As for privilege escalation, you will find very simple instructions on the internet, follow them but also use your head. Everything must be customized according to the machine.

rooted! wasnt too bad today. pretty straight forward attack path overall and good resources online.

No need for any restarts or reboots on root