ServMon

Rooted via web GUI. Am interested in how the API method worked, if anyone wants to share. I can expose first few chars of root flag as proof if needed.

User was just connecting the dots, Root was really pathetic from the stability perspective even in the VIP labs

Got root!

Actually, it’s easy machine and lots of scenarios relevant to OSCP’s.

However, this machine has a pretty annoying way to be exploited, especially for public machines like hack the box.

The idea of the box is great but in practice it is awfully bad because people tend to reset it. Rooted.

Spoiler Removed

easy but intriguing box.
User took me more than necessary because of ■■■■ overthinking.
Root was quite challenging because the box seemed not really stable

pls dont reset again and again

Am I missing something? I see user.txt, which is empty?

somebody deleted the hash than. Reset box to get it back…

Rooted! What a funny box. Getting user.txt was easy, yet getting root with the connection problems was a challenge. An advice I can give you is to be patient and try harder. And, if you find something interesting to get root, don’t follow all the steps, try to think a little bit outside the box. If you need a hint, just send a PM.

Hey guey, I pretty new to windows machines, so im lil bit stuck. I found 2 Net*****.log and host , hostname : ServMon and Domainename , could anyone help me with what particular file should i look for.

ROOTED!!
thanks to @neon45 for the nudges.
User is just a search away.
for root use the API and read the doc carefully. don’t struggle with the WEB UI
PM for nudges :slight_smile:

rooted now, thanks to all for the help and for your patience Pegasys14

Rooted. Combination of GUI fun and CLI fun. Refresh, refresh, refresh. Eventually it works.

i think anyone cant access the web page of ++ service
i can not get root with this way
someones reset again and again, someones bruteforce but they dont know ehat bruting for and machine get slower and slower again, really stressful minutes :angry:

Rooted. Found an easy way to reload modules via the webui. No need to reboot the machine. This one was pretty fun enumeration wise.

Feel free to PM for any nudges.

I can’t find the webui. Did you find using dirb or gobuster?

Type your comment> @haderach said:

I can’t find the webui. Did you find using dirb or gobuster?

I found the page.

No need to keep reseting the server if you can get to the UI. It was painful to do the last couple steps of this box.

I got the login page and password but the message is “403 Your not allowed”. WTF???