ServMon

191012141530

Comments

  • Is there a way to add a schedule without accessing GUI at all (I've never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :)

  • PLEASE! For those who are erasing files they don't own. Just stop doing that. That's too annoying.

  • edited April 2020

    t> @ChuChuJelly said:

    Is there a way to add a schedule without accessing GUI at all (I've never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :)

    This is where I'm stuck too :/ I've got my script added to the server via API, and can execute it using the "test" command, but it seems to run as the current user rather than as the service account. So I'm assuming the only way to get it to do that is with the scheduler, but there doesn't seem to be an API for that. Also looked at using the check_n***.exe to trigger it but can't get that to connect even locally, and the config file suggests it is disabled anyway.

    EDIT: I ended up just using the web front end to add the schedule and that worked fine. Feel sorry for people on the free servers though as even on the VIP server it was pretty sluggish, as plenty of people have said. But yeah, got root :)

  • Type your comment> @ChuChuJelly said:

    Is there a way to add a schedule without accessing GUI at all (I've never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :)

    @VbScrub said:
    t> @ChuChuJelly said:

    Is there a way to add a schedule without accessing GUI at all (I've never been able to load the login page as mentioned by a lot of people so trying the API route)? Or am I barking up the wrong tree here? Any hint would be appreciated :)

    This is where I'm stuck too :/ I've got my script added to the server via API, and can execute it using the "test" command, but it seems to run as the current user rather than as the service account. So I'm assuming the only way to get it to do that is with the scheduler, but there doesn't seem to be an API for that. Also looked at using the check_n***.exe to trigger it but can't get that to connect even locally, and the config file suggests it is disabled anyway.

    Read over the api section in the documentation and you will find the answer, i got stuck at the same point but taking a step back and reading the doc was how i found the right way to do what i wanted. Feel free to pm.

    neon45

  • Good God … finally rooted. This took me way longer than expected, partly because of my own stupidity, partly because of the instability of the box. However, I have a feeling that things are starting to calm down, at least on EU VIP servers.

    I learned a bunch of cool things about s** t********* and p**x* configurations.

    No hints from me. Everything you need to know is on the previous pages. If you still need help, feel free to PM me, but please explain what you’ve tried so far.

    bigFish43
    eJPT

  • Finally rooted. Thanks @dmw0ng for a nice, easy machine.
    The root part is indeed a bit wonky, but there are ways to achieve the goal without having to interact with the slow/laggy UI ;)


    Hack The Box
    GREM | OSCE | GASF | eJPT

  • Hey everyone, I am pretty new to windows machines, so im kinda stuck. I found 2 txt files and I found exploit for n*per service, but its doesnt work for me for some reason, im not sure if it really exploitable. Also i found exploit for NS, but it doesnt work too. I dont know what else can i do, I just need little push to go ahead.

  • edited April 2020

    Just rooted.
    User: Simple Enum and db-E and a little bit of logic
    Root: Enum & db-E

    PM for hint !

  • I got the 403 error even with the correct password , is there a problem with the machine ?

  • @DeepBook said:
    I got the 403 error even with the correct password , is there a problem with the machine ?

    Nope. Look at the config file where you got the password from. There's a clue in there that explains why you are not allowed to log in this way

  • edited April 2020

    error messages i get from ********++ are completely messed up, like there's some memory corruption going on. web interface dosen't reply at all, just disconnects after a moment. i'm on VIP and by the looks of it the only one working on this box rn, so i feel like brute forcers or repeated resets can't really be the issue here :/

    EDIT: oh my godddddddddd i finally figured it out. the port number should be a giveaway and tell you how that port is different. not good enough? nmap it

    0x41

  • Well, finally finished it off.

    Learned a ton from user to root escalation!
  • edited April 2020

    Rooted :mrgreen:

    C:\Users\Administrator>whoami
    whoami
    nt authority\system
    
    C:\Users\Administrator>hostname
    hostname
    ServMon
    

    Fun easy box,

    Read the exploit you will find online for an idea on how it is exploited, then read the docs. I did manage to view the webui but it was slow as f so ended up using the API instead.

    You do not have to reset, refresh or reload this box or any part of it. Priv esc can be done consistently with 2 curl commands from kali.

    Sounds like some people could do with watching this:

    SSH port forwarding

    Thanks @dmw0ng

  • maybe it filter ../ , should i bypass?

  • rooted with API route.PM for hints

    jkana101
    OSCP | Sec+ | MCSE | VCP | CCNA

  • Frustrating box for no reason, not much to learn here, I stayed more for the need to complete it.

    Please do not reset the box it's just frustrating for all.

    For user many hints already shared.
    For root, the exploit that you will find is poorly documented, read a bit on the .ini file to understand the structure.

    One generic command and not essentially a hint but rather common knowledge:

    ssh -l user IP -L 1234:127.0.0.1:8443

    And connect from your local browser to port 1234 on your system.

    Do not use localhost instead of 127.0.0.1, use the IP. localhost might be resolving locally on the ipv6 interface which in many cases comes into priority. By all means it does not ensure that a service is listening also to the IPV6 interface.

  • @febinrev said:
    Got User ..... No idea What to do for root . Any nudge pls...

    @febinrev said:
    Got User ..... No idea What to do for root . Any nudge pls...

    @herapen09 said:
    Type your comment> @febinrev said:

    Got User ..... No idea What to do for root . Any nudge pls...

    You can find it by read the comments before or googling the application exploitation

    First I didn't get you, but after going through some open ports i got in nmap results , i got the point you said.....

  • Type your comment> @VbScrub said:

    @DeepBook said:
    I got the 403 error even with the correct password , is there a problem with the machine ?

    Nope. Look at the config file where you got the password from. There's a clue in there that explains why you are not allowed to log in this way

    Rooted! Thanks @VbScrub for the hint

  • got user :)
    feel free to pm me if u got stuck on user :smiley:


    Hack The Box

    You can pm me on discord sh4d0wless#6154

  • Hey guys, I got access to the NS++ but stuck on the settings, could anyone PM me and give me some hints on how to configure? Thanks a lot.

  • Stuck on User - I have creds from the P********.t** file, but I've tried them against all the services that make sense to me. I feel like I'm being super dense about this - any hints? perhaps I've not got the right username? (Been using both N* users)

  • @Bearcban said:

    Stuck on User - I have creds from the P********.t** file, but I've tried them against all the services that make sense to me. I feel like I'm being super dense about this - any hints? perhaps I've not got the right username? (Been using both N* users)

    I think you've overlooked a service. Try not to focus on common Windows services here.

    You can use Hydra to automate a lot of this.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Finally rooted, stucked on root with web service..
    PM me for hints.

  • Type your comment> @TazWake said:

    @Bearcban said:

    Stuck on User - I have creds from the P********.t** file, but I've tried them against all the services that make sense to me. I feel like I'm being super dense about this - any hints? perhaps I've not got the right username? (Been using both N* users)

    I think you've overlooked a service. Try not to focus on common Windows services here.

    You can use Hydra to automate a lot of this.

    Turns out I had a typo in my usernames file...

    Thanks for the help! Got user now.

  • Rooted, but it was a lot tougher than it should have been due to instability but still learnt from it and there are multiple ways to exploit and shall come back to it later to try other methods.

    Thanks to @GibParadox and @c0ckr04ch for confirming that I wasn't losing my mind when encountering instability.

    N3ph0s

    Discord n3ph0s#7012

  • edited April 2020

    Finally got the root. Stuck on every part. But the last part is full of surprises. Thanks for the hints given by everyone.

  • pwned..
    So, the monster is in the reset requested per minute :blush:

  • STOP DELETING THE FILES!!!

  • Finally rooted.

    A few hints

    User: enum + google will get you what you need
    Root: You don't need to use the UI and read the docs thoroughly

    PM if you get stuck on root

  • edited April 2020

    ssh: Permission denied, please try again.

    do i miss something here..owned all credentials but cant go through

    edit: fixed LOL

Sign In to comment.