ServMon

Type your comment> @zaphoxx said:

got a set of 7 passwords but these work on neither login page. should any of these work on the n******++ login page?

Nope, try somewhere else.

Rooted, cool box I can see why people get frustrated.
for root I suggest talking to the service directly, read the documentation and you have everything you need there plus examples on what syntax can work Good Luck, pm for nudges :smiley:

Rooted. Sad that it is so unstable. Tried yesterday - could not make tunnels. Tried same tricks today - and it works.
User: enumeration + CVE = bunch of keys on a keychain
Root: If you dont know curling then wait till gui loads (study how to add stuff quickly and correctly until page loads lol) and just proceed with CVE. Prepare to rape refresh.

A bit stuck for the root part, tried multiple pt f******g commands but getting empty replies from server, a nudge would be welcome :smile:
EDIT: got root, sometimes things can be secure :smile:

dont need to brute btw
if u find some creds, just try to login with small port

Reading the comments, I see I was not the only one who had struggles with mistakes of others haha.

@dmw0ng A good solution for next time would be to add a watchdog to restart the service to avoid resets.

Anyhow, start reading before doing is the key for this box! Still had some fun and gave me time to evaluate some other cool tricks. Thanks!

Is there a way to add a schedule without accessing GUI at all (I’ve never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :slight_smile:

PLEASE! For those who are erasing files they don’t own. Just stop doing that. That’s too annoying.

t> @ChuChuJelly said:

Is there a way to add a schedule without accessing GUI at all (I’ve never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :slight_smile:

This is where I’m stuck too :confused: I’ve got my script added to the server via API, and can execute it using the “test” command, but it seems to run as the current user rather than as the service account. So I’m assuming the only way to get it to do that is with the scheduler, but there doesn’t seem to be an API for that. Also looked at using the check_n***.exe to trigger it but can’t get that to connect even locally, and the config file suggests it is disabled anyway.

EDIT: I ended up just using the web front end to add the schedule and that worked fine. Feel sorry for people on the free servers though as even on the VIP server it was pretty sluggish, as plenty of people have said. But yeah, got root :slight_smile:

Type your comment> @ChuChuJelly said:

Is there a way to add a schedule without accessing GUI at all (I’ve never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :slight_smile:

@VbScrub said:
t> @ChuChuJelly said:

Is there a way to add a schedule without accessing GUI at all (I’ve never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :slight_smile:

This is where I’m stuck too :confused: I’ve got my script added to the server via API, and can execute it using the “test” command, but it seems to run as the current user rather than as the service account. So I’m assuming the only way to get it to do that is with the scheduler, but there doesn’t seem to be an API for that. Also looked at using the check_n***.exe to trigger it but can’t get that to connect even locally, and the config file suggests it is disabled anyway.

Read over the api section in the documentation and you will find the answer, i got stuck at the same point but taking a step back and reading the doc was how i found the right way to do what i wanted. Feel free to pm.

Good God … finally rooted. This took me way longer than expected, partly because of my own stupidity, partly because of the instability of the box. However, I have a feeling that things are starting to calm down, at least on EU VIP servers.

I learned a bunch of cool things about s** t********* and p**x* configurations.

No hints from me. Everything you need to know is on the previous pages. If you still need help, feel free to PM me, but please explain what you’ve tried so far.

Finally rooted. Thanks @dmw0ng for a nice, easy machine.
The root part is indeed a bit wonky, but there are ways to achieve the goal without having to interact with the slow/laggy UI :wink:

Hey everyone, I am pretty new to windows machines, so im kinda stuck. I found 2 txt files and I found exploit for n*per service, but its doesnt work for me for some reason, im not sure if it really exploitable. Also i found exploit for NS, but it doesnt work too. I dont know what else can i do, I just need little push to go ahead.

Just rooted.
User: Simple Enum and db-E and a little bit of logic
Root: Enum & db-E

PM for hint !

I got the 403 error even with the correct password , is there a problem with the machine ?

@DeepBook said:
I got the 403 error even with the correct password , is there a problem with the machine ?

Nope. Look at the config file where you got the password from. There’s a clue in there that explains why you are not allowed to log in this way

error messages i get from ********++ are completely messed up, like there’s some memory corruption going on. web interface dosen’t reply at all, just disconnects after a moment. i’m on VIP and by the looks of it the only one working on this box rn, so i feel like brute forcers or repeated resets can’t really be the issue here :confused:

EDIT: oh my godddddddddd i finally figured it out. the port number should be a giveaway and tell you how that port is different. not good enough? nmap it

Well, finally finished it off.

Learned a ton from user to root escalation!

Rooted :mrgreen:

C:\Users\Administrator>whoami
whoami
nt authority\system

C:\Users\Administrator>hostname
hostname
ServMon

Fun easy box,

Read the exploit you will find online for an idea on how it is exploited, then read the docs. I did manage to view the webui but it was slow as f so ended up using the API instead.

You do not have to reset, refresh or reload this box or any part of it. Priv esc can be done consistently with 2 curl commands from kali.

Sounds like some people could do with watching this:

SSH port forwarding

Thanks @dmw0ng

maybe it filter …/ , should i bypass?