ServMon

Finally rooted i got crazy with this box.
It’s not difficult but it’s unstable and the root part may tkae too long if you don’t find a way around. Be ready to die if you are not VIP lol

Congrats to the creator and thank you @c4ph00k for your valuable hint

Feel free to PM if you need help

Type your comment> @W41t3r4v3n said:

Type your comment> @dany10101 said:

Type your comment> @W41t3r4v3n said:

I just wish people would stop being assholes and stop deleting other peoples files it is sooooooooooooooooooooo frustrating

I believe your files get deleted if the box is reset. Unfortunately, you need to reset the box if you crashed the ++ service.

It is easy to think that using the rel*** functionality or the api call related to this will load your script but it seems to crash the service.

I am getting 403 when trying to use API

I recommend reading the .ini file again. There are 2 requirements you need to satisfy not just the password.

stucked on the root part :frowning: pls pm anyone?

Anyone available to discuss forwarding??

@rootshooter said:
Anyone available to discuss forwarding??

I made a video on the general concept if you’re struggling to understand that side of things:

@VbScrub I understand the concept. I am just not too sure I am going about it in the right manner.

Edit: I figured out where I was going wrong thanks to @roelvb

Can this box get taken down and fixed? I’ve never come across a box this buggy, it’s impossible to get through.

Is port forwarding needed for this box?

@TheCryptonian said:

Can this box get taken down and fixed? I’ve never come across a box this buggy, it’s impossible to get through.

I am not sure if I was just lucky but I didn’t have any issues on this box.

Type your comment> @TazWake said:

Is port forwarding needed for this box?

Port forwarding is not required. And the WebUI is also not required. If you read the docs on the vulnerable service, you can do everything (for root) with 2 well-written curl commands.

@limelight said:

Port forwarding is not required.

Thought as much - I don’t remember even considering forwarding.

you can do everything (for root) with 2 well-written curl commands.

And a password… :smile:

Got user and now heading for root

@TazWake said:

@TheCryptonian said:

(Quote)
I am not sure if I was just lucky but I didn’t have any issues on this box.

Was fine for me too

can anyone who got root via api pm me please

I am so stuck on thisbox, I have so far done the nmap scan and that is it. I have also had a look at the FTP and seen two users with txt files but are struggling to get files due to spaces, I have also found the site on the ssl port. Anyone pm me to help?

Type your comment> @jish2002 said:

I am so stuck on thisbox, I have so far done the nmap scan and that is it. I have also had a look at the FTP and seen two users with txt files but are struggling to get files due to spaces, I have also found the site on the ssl port. Anyone pm me to help?

try (get “xxx yyy.txt”) on ftp without parentheses

@jish2002 said:

I am so stuck on thisbox, I have so far done the nmap scan and that is it.

Well, it’s a good way to start.

It’s a windows box so millions of ports are open but don’t let that put you off. Just work through the ports.

I have also had a look at the FTP and seen two users with txt files but are struggling to get files due to spaces,

Only one file has spaces. The other one shouldn’t be a problem.

When you have spaces, remember quotes exist.

I have also found the site on the ssl port.

If you mean port 443, this might be a bit misleading. Focus on 80 first. If you really look into this, you don’t actually need the text file with spaces.

Well I finally got root and I think I made that much harder than it needed to be. Oh and whoever changed the user hash on the box…naughty, naughty. No Christmas card for you.

■■■ why some people again and again reset machine???

why reset after 10 minute again ? what can be happen in 10 minute i cant really understand

i will buy vip one they because of this people, when i try script its reset!

It is true that the GUI is a pain but let’s be honest you are here to learn tricks, so go for the API. Reading a bit of doc about a new service, and finding the efficient way to get stuff done is what pentesting is all about…