ServMon

Hey everyone, I am pretty new to windows machines, so im kinda stuck. I found 2 txt files and I found exploit for n*per service, but its doesnt work for me for some reason, im not sure if it really exploitable. Also i found exploit for NS, but it doesnt work too. I dont know what else can i do, I just need little push to go ahead.

Just rooted.
User: Simple Enum and db-E and a little bit of logic
Root: Enum & db-E

PM for hint !

I got the 403 error even with the correct password , is there a problem with the machine ?

@DeepBook said:
I got the 403 error even with the correct password , is there a problem with the machine ?

Nope. Look at the config file where you got the password from. There’s a clue in there that explains why you are not allowed to log in this way

error messages i get from ********++ are completely messed up, like there’s some memory corruption going on. web interface dosen’t reply at all, just disconnects after a moment. i’m on VIP and by the looks of it the only one working on this box rn, so i feel like brute forcers or repeated resets can’t really be the issue here :confused:

EDIT: oh my godddddddddd i finally figured it out. the port number should be a giveaway and tell you how that port is different. not good enough? nmap it

Well, finally finished it off.

Learned a ton from user to root escalation!

Rooted :mrgreen:

C:\Users\Administrator>whoami
whoami
nt authority\system

C:\Users\Administrator>hostname
hostname
ServMon

Fun easy box,

Read the exploit you will find online for an idea on how it is exploited, then read the docs. I did manage to view the webui but it was slow as f so ended up using the API instead.

You do not have to reset, refresh or reload this box or any part of it. Priv esc can be done consistently with 2 curl commands from kali.

Sounds like some people could do with watching this:

SSH port forwarding

Thanks @dmw0ng

maybe it filter …/ , should i bypass?

rooted with API route.PM for hints

Frustrating box for no reason, not much to learn here, I stayed more for the need to complete it.

Please do not reset the box it’s just frustrating for all.

For user many hints already shared.
For root, the exploit that you will find is poorly documented, read a bit on the .ini file to understand the structure.

One generic command and not essentially a hint but rather common knowledge:

ssh -l user IP -L 1234:127.0.0.1:8443

And connect from your local browser to port 1234 on your system.

Do not use localhost instead of 127.0.0.1, use the IP. localhost might be resolving locally on the ipv6 interface which in many cases comes into priority. By all means it does not ensure that a service is listening also to the IPV6 interface.

@febinrev said:
Got User … No idea What to do for root . Any nudge pls…

@febinrev said:
Got User … No idea What to do for root . Any nudge pls…

@herapen09 said:
Type your comment> @febinrev said:

Got User … No idea What to do for root . Any nudge pls…

You can find it by read the comments before or googling the application exploitation

First I didn’t get you, but after going through some open ports i got in nmap results , i got the point you said…

Type your comment> @VbScrub said:

@DeepBook said:
I got the 403 error even with the correct password , is there a problem with the machine ?

Nope. Look at the config file where you got the password from. There’s a clue in there that explains why you are not allowed to log in this way

Rooted! Thanks @VbScrub for the hint

got user :slight_smile:
feel free to pm me if u got stuck on user :smiley:

Hey guys, I got access to the NS++ but stuck on the settings, could anyone PM me and give me some hints on how to configure? Thanks a lot.

Stuck on User - I have creds from the P********.t** file, but I’ve tried them against all the services that make sense to me. I feel like I’m being super dense about this - any hints? perhaps I’ve not got the right username? (Been using both N* users)

@Bearcban said:

Stuck on User - I have creds from the P********.t** file, but I’ve tried them against all the services that make sense to me. I feel like I’m being super dense about this - any hints? perhaps I’ve not got the right username? (Been using both N* users)

I think you’ve overlooked a service. Try not to focus on common Windows services here.

You can use Hydra to automate a lot of this.

Finally rooted, stucked on root with web service…
PM me for hints.

Type your comment> @TazWake said:

@Bearcban said:

Stuck on User - I have creds from the P********.t** file, but I’ve tried them against all the services that make sense to me. I feel like I’m being super dense about this - any hints? perhaps I’ve not got the right username? (Been using both N* users)

I think you’ve overlooked a service. Try not to focus on common Windows services here.

You can use Hydra to automate a lot of this.

Turns out I had a typo in my usernames file…

Thanks for the help! Got user now.

Rooted, but it was a lot tougher than it should have been due to instability but still learnt from it and there are multiple ways to exploit and shall come back to it later to try other methods.

Thanks to @GibParadox and @c0ckr04ch for confirming that I wasn’t losing my mind when encountering instability.

Finally got the root. Stuck on every part. But the last part is full of surprises. Thanks for the hints given by everyone.