ServMon

Box is easy, but the root part is exceedingly painful. The best tips I can give are:

  • Use Google Chrome (Not chromium or firefox)
  • Don’t overthink the ‘access’
  • Don’t rely on what you’ve found completely (it’s not written very well)

Type your comment> @obi0ne said:

I got user.txt hash, for Nad*** but site wont accept it ?
Is it aiming for user key of Nat*** ?

Directory of C:\Users\Nad***\Desktop

08/04/2020 22:28 .
08/04/2020 22:28 …
14/01/2020 19:08 32 user.txt

if not meant to be this, then why user.txt ??

Some one is probably being silly again, I had the same, the key changed three times had to reset and get it quick, probably best to come back for it later.

Type your comment> @Fidget said:

Type your comment> @obi0ne said:

I got user.txt hash, for Nad*** but site wont accept it ?
Is it aiming for user key of Nat*** ?

Directory of C:\Users\Nad***\Desktop

08/04/2020 22:28 .
08/04/2020 22:28 …
14/01/2020 19:08 32 user.txt

if not meant to be this, then why user.txt ??

Some one is probably being silly again, I had the same, the key changed three times had to reset and get it quick, probably best to come back for it later.

you are right, reset the box, now hash accepted.

Is Pass***s.txt where the file says it is? I can’t retrieve it using the LF… I’ve reset the box and tried imediately after, still no luck.

Type your comment> @Mapperist said:

I found w**.ini but I’m not entirely sure how to use that information or where to go from here. Drawing a blank…

Oh, that’s just how to test the PoC.
Think about what would be helpful to read instead of that file

@Lycist said:
Is Pass***s.txt where the file says it is? I can’t retrieve it using the LF… I’ve reset the box and tried imediately after, still no luck.

It is where the clues say it is

Type your comment

Hello all, im stuck at user, i got 2 .txt from the lowest service, i suppose there is the first step to know what user i need.
After that im stucked because all other services dont let me do anything ( i meain i dont know what to do with them)

Please give me some help, i need a little push to go ahead

Thanks to all, this is a really nice place to learn

Type your comment> @Mapperist said:

I found w**.ini but I’m not entirely sure how to use that information or where to go from here. Drawing a blank…

same

Type your comment> @japimil said:

Hello all, im stuck at user, i got 2 .txt from the lowest service, i suppose there is the first step to know what user i need.
After that im stucked because all other services dont let me do anything ( i meain i dont know what to do with them)

Please give me some help, i need a little push to go ahead

Thanks to all, this is a really nice place to learn

Ask searchsploit for help :wink:

I’m stuck in the d******* *****l part which I can view some files, for example, w.i but I think it just PoC as I see someone just said in the forum also it basically doesn’t have much useful information inside and I found something like sym.i can even found the ns-***0.**e itself but I think its probably not the thing I need. I try to enumerate many “useful” files locations but it just keeps giving me tons of 404.

Hey everyone, I asked a few of you for nudges, and so far it has gotten me to the part where I use my browser and SSH. I keep getting a “Connection was reset” error on firefox and a “This page isnot working, l****h**t didn’t send any data; ERR_EMPTY_RESPOSE” on a blink based browser as I saw recommended above. I have double checked my SSH statement with others but I cannot seem to proceed further. (I am using the Free version for now)

Is there a reason why i cannot even curl N*******++ locally, logged in as N*****? All i get is failed to connect. Also tunneling to port 80 works fine but when i switch to 8*** i get nothing. I saw some people had similar problems, was this a connection problem or am i missing something?

Same issue here… I can tunnel to port 80 fine, but using same settings for 8*** not ., getting: ERR_EMPTY_RESPONSE… Also could not curl login page from within N*** shell…
Is it something stupid i miss here or the web is not that stable ?

Finally rooted,
Tips: For root make sure you have a the right nc listener & experiment with how to properly reload modules without resetting the box. If anyone needs a nudge shoot me a DM
Cj4days

Stop reseting that box plz. and delete others files

So I rooted this one, but I’m not sure if I’m doing something wrong because every other time I try to root it, it seems that restarting the service from the GUI either works fine, or totally breaks the machine and requires a box reset…anyone else having this issue/know how to fix it?

Type your comment> @marlasthemage said:

So I rooted this one, but I’m not sure if I’m doing something wrong because every other time I try to root it, it seems that restarting the service from the GUI either works fine, or totally breaks the machine and requires a box reset…anyone else having this issue/know how to fix it?

till now I can’t get root because someone delete files and timeout

i would like to clarify the synxtax for *****++ web interface, if someone can inbox me plz.

Ignore my earlier comment! You’ll save yourself a lot of pain if you do it via API, rather than browser