ServMon

Everyone going who is going through the CURL method and is stuck, PM me! I learned quite a bit from this box so I’m happy to give hints

When trying to forward the 84** port, it gives connection reset, is it about setting a client certificate ??

Stuck on the initial foothold. Found the C********.txt and N**** ** *o.txt files but am at a loss as to the next steps? Any nudges?

Rooted. Really fun box. Refreshed some old knowledge, learned plenty of new tips, enjoyed it.

I didn’t have any of the reported issues on VIP tier

Thanks to @dmw0ng for a fun challenge!

There are plenty of hints here already but I would say again that not all instructions need to be followed verbatim.

Root hint: If you’re finding yourself getting denied, are you who the config file says you should be?

Rooted, that was more of a struggle for root than it should have been, as soon as i ditched the web ui route and read through all the documentation properly everything fell into place and turns out to be very straight forward. PM for nudges

Rooted. Took me a bit to figure out root, I’m available for hints if you need it!

Rooted, fun box and clearly OSCP like. But the instability makes work very complicated

Type your comment> @magomed said:

Type your comment> @khaled0x7 said:

any hints for Root
i got the config file N**nt.ini and i got the An creds, and i found an exploit on exploit-db for local priv esc, but at some point it requires to login, how i can login to that service, however the allowed hosts is only 127.0.0.1.

I have only *** connection using N***** user
please PM for any hint

Sent you a PM.

For those struggling on the port forwarding due to resets, you can do everything with powershell without the tunnel.

Type your comment> @zaphoxx said:

got a set of 7 passwords but these work on neither login page. should any of these work on the n******++ login page?

Nope, try somewhere else.

Rooted, cool box I can see why people get frustrated.
for root I suggest talking to the service directly, read the documentation and you have everything you need there plus examples on what syntax can work Good Luck, pm for nudges :smiley:

Rooted. Sad that it is so unstable. Tried yesterday - could not make tunnels. Tried same tricks today - and it works.
User: enumeration + CVE = bunch of keys on a keychain
Root: If you dont know curling then wait till gui loads (study how to add stuff quickly and correctly until page loads lol) and just proceed with CVE. Prepare to rape refresh.

A bit stuck for the root part, tried multiple pt f******g commands but getting empty replies from server, a nudge would be welcome :smile:
EDIT: got root, sometimes things can be secure :smile:

dont need to brute btw
if u find some creds, just try to login with small port

Reading the comments, I see I was not the only one who had struggles with mistakes of others haha.

@dmw0ng A good solution for next time would be to add a watchdog to restart the service to avoid resets.

Anyhow, start reading before doing is the key for this box! Still had some fun and gave me time to evaluate some other cool tricks. Thanks!

Is there a way to add a schedule without accessing GUI at all (I’ve never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :slight_smile:

PLEASE! For those who are erasing files they don’t own. Just stop doing that. That’s too annoying.

t> @ChuChuJelly said:

Is there a way to add a schedule without accessing GUI at all (I’ve never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :slight_smile:

This is where I’m stuck too :confused: I’ve got my script added to the server via API, and can execute it using the “test” command, but it seems to run as the current user rather than as the service account. So I’m assuming the only way to get it to do that is with the scheduler, but there doesn’t seem to be an API for that. Also looked at using the check_n***.exe to trigger it but can’t get that to connect even locally, and the config file suggests it is disabled anyway.

EDIT: I ended up just using the web front end to add the schedule and that worked fine. Feel sorry for people on the free servers though as even on the VIP server it was pretty sluggish, as plenty of people have said. But yeah, got root :slight_smile:

Type your comment> @ChuChuJelly said:

Is there a way to add a schedule without accessing GUI at all (I’ve never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :slight_smile:

@VbScrub said:
t> @ChuChuJelly said:

Is there a way to add a schedule without accessing GUI at all (I’ve never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :slight_smile:

This is where I’m stuck too :confused: I’ve got my script added to the server via API, and can execute it using the “test” command, but it seems to run as the current user rather than as the service account. So I’m assuming the only way to get it to do that is with the scheduler, but there doesn’t seem to be an API for that. Also looked at using the check_n***.exe to trigger it but can’t get that to connect even locally, and the config file suggests it is disabled anyway.

Read over the api section in the documentation and you will find the answer, i got stuck at the same point but taking a step back and reading the doc was how i found the right way to do what i wanted. Feel free to pm.

Good God … finally rooted. This took me way longer than expected, partly because of my own stupidity, partly because of the instability of the box. However, I have a feeling that things are starting to calm down, at least on EU VIP servers.

I learned a bunch of cool things about s** t********* and p**x* configurations.

No hints from me. Everything you need to know is on the previous pages. If you still need help, feel free to PM me, but please explain what you’ve tried so far.