ServMon

Type your comment> @Mapperist said:

I found w**.ini but I’m not entirely sure how to use that information or where to go from here. Drawing a blank…

same

Type your comment> @japimil said:

Hello all, im stuck at user, i got 2 .txt from the lowest service, i suppose there is the first step to know what user i need.
After that im stucked because all other services dont let me do anything ( i meain i dont know what to do with them)

Please give me some help, i need a little push to go ahead

Thanks to all, this is a really nice place to learn

Ask searchsploit for help :wink:

I’m stuck in the d******* *****l part which I can view some files, for example, w.i but I think it just PoC as I see someone just said in the forum also it basically doesn’t have much useful information inside and I found something like sym.i can even found the ns-***0.**e itself but I think its probably not the thing I need. I try to enumerate many “useful” files locations but it just keeps giving me tons of 404.

Hey everyone, I asked a few of you for nudges, and so far it has gotten me to the part where I use my browser and SSH. I keep getting a “Connection was reset” error on firefox and a “This page isnot working, l****h**t didn’t send any data; ERR_EMPTY_RESPOSE” on a blink based browser as I saw recommended above. I have double checked my SSH statement with others but I cannot seem to proceed further. (I am using the Free version for now)

Is there a reason why i cannot even curl N*******++ locally, logged in as N*****? All i get is failed to connect. Also tunneling to port 80 works fine but when i switch to 8*** i get nothing. I saw some people had similar problems, was this a connection problem or am i missing something?

Same issue here… I can tunnel to port 80 fine, but using same settings for 8*** not ., getting: ERR_EMPTY_RESPONSE… Also could not curl login page from within N*** shell…
Is it something stupid i miss here or the web is not that stable ?

Finally rooted,
Tips: For root make sure you have a the right nc listener & experiment with how to properly reload modules without resetting the box. If anyone needs a nudge shoot me a DM
Cj4days

Stop reseting that box plz. and delete others files

So I rooted this one, but I’m not sure if I’m doing something wrong because every other time I try to root it, it seems that restarting the service from the GUI either works fine, or totally breaks the machine and requires a box reset…anyone else having this issue/know how to fix it?

Type your comment> @marlasthemage said:

So I rooted this one, but I’m not sure if I’m doing something wrong because every other time I try to root it, it seems that restarting the service from the GUI either works fine, or totally breaks the machine and requires a box reset…anyone else having this issue/know how to fix it?

till now I can’t get root because someone delete files and timeout

i would like to clarify the synxtax for *****++ web interface, if someone can inbox me plz.

Ignore my earlier comment! You’ll save yourself a lot of pain if you do it via API, rather than browser

Ok… everyone. I have to say, after watching my machine for a couple of days now and it get slated, it is clear people do not understand the application. When installing said application, it is restricted. This can be changed via API. The threads of the service can be changed also which allows multiple users. The application has been installed with default options as one would expect by an IT, supposed pro. Look at the config, stop moaning about lack of access, investigate why, somewhat helps, it all becomes obvious after looking at the “web server” settings.

@clubby789, will that stop the box breaking after restarting the service?

got a set of 7 passwords but these work on neither login page. should any of these work on the n******++ login page?

@zaphoxx, when you find passwords try them everywhere and with everyone!

Been trying to get root for the past few hours. Every ~20min someone reboots the box, this is ridiculous. It’s either super slow because someone is bruteforcing it (not necessary) or someone is rebooting it for no reason. The last step is a joke with a lot of people doing the same thing at the same time and breaking each other’s steps. Sigh…

Type your comment> @marlasthemage said:

@zaphoxx, when you find passwords try them everywhere and with everyone!

nvm, i did the same things again and now it worked immediately. thx anyways

I have explained in the discord HTB group already about this. This box is not a simple follow CVE. Please read the manual. There are methods to achieve what you need without said service. Reading the docs explains so much more. Thank you

Type your comment> @gu4r15m0 said:

Can’t get it to work, and the service keeps crashing, plus all the resets…
I guess I’ll try again down the week.

PM me if you’re still stuck