ServMon

Need a nudge with the either the API or s**-t******** :
I hate this machine too.

could any1 PM me? i’m stuck at user…

Rooted this machine. A very frustrating machine…oh god!!!
User: Total opposite to root. Totally easy. Just read those files and you will be through.
Root: Be frustrated man just keep boiling your mind and if you are lucky then you will get root file. API way is easy than GUI.
If you are stuck then feel free to pm. I willl be very happy to help. Just be through this machine. Seriously hated it.
Discord: reddevil09

I’m doing the challenge with a friend of mine and running the same identical exploit for N*** we have two different results: he manages to exploit the vm while I get an error message, anyone has tried the exploit and can give me a nudge?

ServMon machine finished. Thank you @dmw0ng for reinforcing vulnerabilities of the type “directory traversal” and the importance of the “Principle of Minimal Privilege” (PoLP).

Private message if you need help with “ServMon”.

Stuck at user although I identified the path to priv esc. It says there is a file on someones desktop but there is no file there and I also tried grabbing the file using dir trav vulnerability? Any advice/tips? Is this a rabbithole? Should I look elsewhere? Thanks guys!

Type your comment> @sirbowen said:

Type your comment> @FunkyMcBeef said:

Rooted. Thx to @FDS and @TazWake for the nudges.

My hints:
User:
- Go for bottom-up enumeration
- If in doubt, msf will help you out
Root:
Edit: I somehow got problems reconstructing my path to root after reset.
So giving advise might take a bit

Agree, dun use the default depth, enumerate from bottom up.

This helped a ton. Thanks bud! I had the right approach but it just wasn’t working until I messed with the depth.

Rooted!

Tip for anyone struggling with the lag over the 8…3 s…p…t…w…: use the Throttling setting in your browser.
Setting it to 3G worked wonders for me. Everything started to work!

PM for nudges and hints!

Stuck for hours. Reconnecting for hours. How do you perform traverse to get to read N****n’s file?

Type your comment> @Manitu said:

Stuck for hours. Reconnecting for hours. How do you perform traverse to get to read N****n’s file?

Enumerate and search popular exploit lists for what you find.
There is a POC there. Change it to fit your needs.

Finally.
Machine is rooted.
Theoretically speaking, machine was supposed to be easy. However, due to other people using the machine at the same time (even in VIP), lagging and UI instability, I’ve spent some time on the last part.
API is not well documented, but it did helped me to finish it.
On to the next one

Got access to root.txt but htb says the hash is incorrect. I am on VIP and restarted the box an hour ago because I heard something about rotating flags.

@emjay12 yeah see here: HTB News | Integrity of Hack The Box

Personally I haven’t had any issues since they did this, but I’ve seen quite a few others have. You might have to reset the machine and then try get the flag again

What !? Only 2 stars?
It deserves more!!
Yes ok, user was easy (but that’s not a reason to give a bad rating).
Also, if you are bad at pentesting like me you could waste a lot time on other services.
There was a lot of stuff to look at!!
Root in my honest opinion was pretty good.
Easy to detect the vulnerability, but the exploit not trivial at all.

Good job @dmw0ng ! Thanks a lot, keep going with the good work :smile:

PS → Feel free to PM for hints.

whoami
nt authority\system

Hi , I got user , onto root now , yesterday when I sent some commands using API it was working , today it says 403 Forbidden, does this happen ?

Type your comment> @dinosn said:

Please do not reset the box it’s just frustrating for all.

Holy ■■■■ is it ever…

Type your comment> @dinosn said:

Do not use localhost instead of 127.0.0.1, use the IP.
Thank you!!! Solved my issue… Now to figure out the API since this site runs like S**T in FF.

Rooted !

BUT THERE ARE TOO MANY PROBLEMS IN THE BOX :confused:

Type your comment> @Anu said:

Hi , I got user , onto root now , yesterday when I sent some commands using API it was working , today it says 403 Forbidden, does this happen ?

Think about who you are when you use the API

User is pretty easy just use what you see in the nmap

It’s just so frustrating how often it gets reset… Is there any advantage on using those VIP servers y’all talk about? With all the covid situation I don’t feel like spending any extra money, life got just too tough, but I’m learning so much and if there is any real advantage more than going through the legacy boxes I would seriously think about it and make some maths