ServMon

@zaphoxx, when you find passwords try them everywhere and with everyone!

Been trying to get root for the past few hours. Every ~20min someone reboots the box, this is ridiculous. It’s either super slow because someone is bruteforcing it (not necessary) or someone is rebooting it for no reason. The last step is a joke with a lot of people doing the same thing at the same time and breaking each other’s steps. Sigh…

Type your comment> @marlasthemage said:

@zaphoxx, when you find passwords try them everywhere and with everyone!

nvm, i did the same things again and now it worked immediately. thx anyways

I have explained in the discord HTB group already about this. This box is not a simple follow CVE. Please read the manual. There are methods to achieve what you need without said service. Reading the docs explains so much more. Thank you

Type your comment> @gu4r15m0 said:

Can’t get it to work, and the service keeps crashing, plus all the resets…
I guess I’ll try again down the week.

PM me if you’re still stuck

I believe all the resets are caused by people following a certain set of steps found in a popular website…

Those steps are NOT accurate in this case, and cause issues.

Before you follow them, take a minute to look around. You will see that some steps are inaccurate, and some are just not necessary at all.

The number of concurrent users should not be a problem, if things are done properly.

Happy to help/contrast/compare/verify :slight_smile:

Someone help me to exploit the vulnerability to increase privileges, I’m trying to schedule the execution of my payload but it doesn’t work, I’m already in the last step for the shell system, help!

Rooted. Personally, I think that this box is good to learn some basic concepts, nothing more.
User: maybe what seems to be empty is hiding something. Maybe you can go in other places, just try.
Root: read the configuration file to bypass the 403 and then follow searchsploit.

Rooted, finally. I have used the service to do it. Hardest part was messing around with said service with so many people changing things at the same time. I have tried other ways to root it but failed them all. It was fun, as a beginner pentester.

Finally resetting dudes gone and root.

C:\Users\Administrator>whoami && hostname
whoami && hostname
nt authority\system
ServMon

I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

Type your comment> @N00p said:

I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

// Using “get” to download the file into your local system.

Type your comment> @iriniu said:

Type your comment> @N00p said:

I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

// Using “get” to download the file into your local system.

I tried before it says access denied

Type your comment> @N00p said:

Type your comment> @iriniu said:

Type your comment> @N00p said:

I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

// Using “get” to download the file into your local system.

I tried before it says access denied

try mget *

Type your comment> @N00p said:

Type your comment> @iriniu said:

Type your comment> @N00p said:

I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

// Using “get” to download the file into your local system.

I tried before it says access denied

// PM u.

nice box
thank you @dmw0ng.

Oops! Said too much?!
Rooted

Team,

I have user.txt and working rather diligently on root. I have the password for the ++ service, however, I have absolutely no clue where to go next. Any advice would be fabutastic. Also, I am getting that 403 under https!

Not all details are properly documented in the CVE, there’s another way to do it without web gui. Read the docs.

Type your comment> @W4rF4ther said:

Team,

I have user.txt and working rather diligently on root. I have the password for the ++ service, however, I have absolutely no clue where to go next. Any advice would be fabutastic. Also, I am getting that 403 under https!

check the file you have ++ and you need to look through Tunnel vision