ServMon

got user :slight_smile:
feel free to pm me if u got stuck on user :smiley:

Hey guys, I got access to the NS++ but stuck on the settings, could anyone PM me and give me some hints on how to configure? Thanks a lot.

Stuck on User - I have creds from the P********.t** file, but I’ve tried them against all the services that make sense to me. I feel like I’m being super dense about this - any hints? perhaps I’ve not got the right username? (Been using both N* users)

@Bearcban said:

Stuck on User - I have creds from the P********.t** file, but I’ve tried them against all the services that make sense to me. I feel like I’m being super dense about this - any hints? perhaps I’ve not got the right username? (Been using both N* users)

I think you’ve overlooked a service. Try not to focus on common Windows services here.

You can use Hydra to automate a lot of this.

Finally rooted, stucked on root with web service…
PM me for hints.

Type your comment> @TazWake said:

@Bearcban said:

Stuck on User - I have creds from the P********.t** file, but I’ve tried them against all the services that make sense to me. I feel like I’m being super dense about this - any hints? perhaps I’ve not got the right username? (Been using both N* users)

I think you’ve overlooked a service. Try not to focus on common Windows services here.

You can use Hydra to automate a lot of this.

Turns out I had a typo in my usernames file…

Thanks for the help! Got user now.

Rooted, but it was a lot tougher than it should have been due to instability but still learnt from it and there are multiple ways to exploit and shall come back to it later to try other methods.

Thanks to @GibParadox and @c0ckr04ch for confirming that I wasn’t losing my mind when encountering instability.

Finally got the root. Stuck on every part. But the last part is full of surprises. Thanks for the hints given by everyone.

pwned…
So, the monster is in the reset requested per minute :blush:

STOP DELETING THE FILES!!!

Finally rooted.

A few hints

User: enum + google will get you what you need
Root: You don’t need to use the UI and read the docs thoroughly

PM if you get stuck on root

ssh: Permission denied, please try again.

do i miss something here…owned all credentials but cant go through

edit: fixed LOL

Type your comment> @malwarepeter said:

ssh: Permission denied, please try again.

do i miss something here…owned all credentials but cant go through

any nudge and i think am on the right track

There are two parts that make up credentials, it’s not all about the second part.

Type your comment> @wizedkyle said:

Type your comment> @malwarepeter said:

ssh: Permission denied, please try again.

do i miss something here…owned all credentials but cant go through

any nudge and i think am on the right track

There are two parts that make up credentials, it’s not all about the second part.

I was dumb, I found that hydra can automate that and gives the right creds

I don’t really know why you’d need to automate that part. There’s only 2 usernames to try and only a handful of passwords. Took me 3 manual attempts to get the right combo. I guess in the real world you’d probably have a lot more data so its a good idea to get used to automating these things… but for people just wanting to complete this machine, you don’t need to automate anything on this box.

Finally rooted!

I had much frustration with the Web UI and finally decided to go the API route after reading posts here. I had to read the docs, poke around, and put things together. I was unsure how to run it and took a stab in the dark…and got the admin shell, somehow!

For root on this box, it was clear to me what to exploit early on, but not so straightforward how to.

@VbScrub said:

I don’t really know why you’d need to automate that part.

Fun?

To be fair I did it simply because it was easier. I’d already dumped the data into two files because I didn’t know what would be needed so running a tool became a simple single command line.

100% agree though, I think there is less than a dozen possible combinations so manual is not much more effort :smile:

@TazWake ah yeah in that case fair enough. In my case I think it would have been more effort to create the separate files and set up the automation than it would to just copy and paste a few password attempts :slight_smile:

Either way, each to their own and I’m certainly not saying its a bad thing to automate it, just clarifying that you don’t NEED to do it for any part of this box. Don’t want people to get the wrong idea and start trying to brute force things lol

Type your comment> @VbScrub said:

I don’t really know why you’d need to automate that part. There’s only 2 usernames to try and only a handful of passwords. Took me 3 manual attempts to get the right combo. I guess in the real world you’d probably have a lot more data so its a good idea to get used to automating these things… but for people just wanting to complete this machine, you don’t need to automate anything on this box.

+1, i try one by one and found true combination in 1 or 2 minute

Rooted via web GUI. Am interested in how the API method worked, if anyone wants to share. I can expose first few chars of root flag as proof if needed.