ServMon

17810121330

Comments

  • Same issue here.. I can tunnel to port 80 fine, but using same settings for 8*** not ., getting: ERR_EMPTY_RESPONSE.. Also could not curl login page from within N*** shell..
    Is it something stupid i miss here or the web is not that stable ?

  • Finally rooted,
    Tips: For root make sure you have a the right nc listener & experiment with how to properly reload modules without resetting the box. If anyone needs a nudge shoot me a DM
    Cj4days

  • Stop reseting that box plz. and delete others files

  • So I rooted this one, but I'm not sure if I'm doing something wrong because every other time I try to root it, it seems that restarting the service from the GUI either works fine, or totally breaks the machine and requires a box reset...anyone else having this issue/know how to fix it?

    marlasthemage

  • Type your comment> @marlasthemage said:

    So I rooted this one, but I'm not sure if I'm doing something wrong because every other time I try to root it, it seems that restarting the service from the GUI either works fine, or totally breaks the machine and requires a box reset...anyone else having this issue/know how to fix it?

    till now I can't get root because someone delete files and timeout

  • i would like to clarify the synxtax for *****++ web interface, if someone can inbox me plz.

  • Ignore my earlier comment! You'll save yourself a lot of pain if you do it via API, rather than browser

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Ok.... everyone. I have to say, after watching my machine for a couple of days now and it get slated, it is clear people do not understand the application. When installing said application, it is restricted. This can be changed via API. The threads of the service can be changed also which allows multiple users. The application has been installed with default options as one would expect by an IT, supposed pro. Look at the config, stop moaning about lack of access, investigate why, somewhat helps, it all becomes obvious after looking at the "web server" settings.
  • @clubby789, will that stop the box breaking after restarting the service?

    marlasthemage

  • got a set of 7 passwords but these work on neither login page. should any of these work on the n******++ login page?

    zaphoxx

  • @zaphoxx, when you find passwords try them everywhere and with everyone!

    marlasthemage

  • Been trying to get root for the past few hours. Every ~20min someone reboots the box, this is ridiculous. It's either super slow because someone is bruteforcing it (not necessary) or someone is rebooting it for no reason. The last step is a joke with a lot of people doing the same thing at the same time and breaking each other's steps. Sigh....

  • Type your comment> @marlasthemage said:

    @zaphoxx, when you find passwords try them everywhere and with everyone!

    nvm, i did the same things again and now it worked immediately. thx anyways

    zaphoxx

  • I have explained in the discord HTB group already about this. This box is not a simple follow CVE. Please read the manual. There are methods to achieve what you need without said service. Reading the docs explains so much more. Thank you
  • Type your comment> @gu4r15m0 said:

    Can't get it to work, and the service keeps crashing, plus all the resets...
    I guess I'll try again down the week.

    PM me if you're still stuck

  • I believe all the resets are caused by people following a certain set of steps found in a popular website...

    Those steps are NOT accurate in this case, and cause issues.

    Before you follow them, take a minute to look around. You will see that some steps are inaccurate, and some are just not necessary at all.

    The number of concurrent users should not be a problem, if things are done properly.

    Happy to help/contrast/compare/verify :)

  • Someone help me to exploit the vulnerability to increase privileges, I'm trying to schedule the execution of my payload but it doesn't work, I'm already in the last step for the shell system, help!

  • Rooted. Personally, I think that this box is good to learn some basic concepts, nothing more.
    User: maybe what seems to be empty is hiding something. Maybe you can go in other places, just try.
    Root: read the configuration file to bypass the 403 and then follow searchsploit.

  • Rooted, finally. I have used the service to do it. Hardest part was messing around with said service with so many people changing things at the same time. I have tried other ways to root it but failed them all. It was fun, as a beginner pentester.

  • Finally resetting dudes gone and root.

    C:\Users\Administrator>whoami && hostname
    whoami && hostname
    nt authority\system
    ServMon

  • I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

  • Type your comment> @N00p said:

    I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

    // Using "get" to download the file into your local system.

  • Type your comment> @iriniu said:

    Type your comment> @N00p said:

    I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

    // Using "get" to download the file into your local system.

    I tried before it says access denied

  • Type your comment> @N00p said:

    Type your comment> @iriniu said:

    Type your comment> @N00p said:

    I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

    // Using "get" to download the file into your local system.

    I tried before it says access denied

    try mget *

  • Type your comment> @N00p said:

    Type your comment> @iriniu said:

    Type your comment> @N00p said:

    I found two file in ftp server but I could not get any info out of them i tried to use type to read but no luck. Any help !

    // Using "get" to download the file into your local system.

    I tried before it says access denied

    // PM u.

  • nice box
    thank you @dmw0ng.

  • edited April 14

    Oops! Said too much?!
    Rooted

    Hack The Box

  • Team,

    I have user.txt and working rather diligently on root. I have the password for the ++ service, however, I have absolutely no clue where to go next. Any advice would be fabutastic. Also, I am getting that 403 under https!

  • Not all details are properly documented in the CVE, there's another way to do it without web gui. Read the docs.
  • Type your comment> @W4rF4ther said:

    Team,

    I have user.txt and working rather diligently on root. I have the password for the ++ service, however, I have absolutely no clue where to go next. Any advice would be fabutastic. Also, I am getting that 403 under https!

    check the file you have ++ and you need to look through Tunnel vision

Sign In to comment.