ServMon


Comments

  • Rooted this machine. A very frustrating machine...oh god!!!
    User: Total opposite to root. Totally easy. Just read those files and you will be through.
    Root: Be frustrated man just keep boiling your mind and if you are lucky then you will get root file. API way is easier than GUI.
    If you are stuck then feel free to pm. I will be very happy to help. Just be through this machine. Seriously hated it.
    Discord: reddevil09

  • I'm doing the challenge with a friend of mine and running the same identical exploit for N*** we have two different results: he manages to exploit the vm while I get an error message. Has anyone tried the exploit and can give me a nudge?

  • ServMon machine finished. Thank you @dmw0ng for reinforcing vulnerabilities of the type "directory traversal" and the importance of the "Principle of Minimal Privilege" (PoLP).

    Private message if you need help with "ServMon".

  • Stuck at user although I identified the path to priv esc. It says there is a file on someone's desktop but there is no file there and I also tried grabbing the file using dir trav vulnerability? Any advice/tips? Is this a rabbit hole? Should I look elsewhere? Thanks guys!

  • @sirbowen said:

    @FunkyMcBeef said:

    Rooted. Thx to @FDS and @TazWake for the nudges.

    My hints:
    User:
    - Go for bottom-up enumeration
    - If in doubt, msf will help you out
    Root:
    Edit: I somehow got problems reconstructing my path to root after reset.
    So giving advice might take a bit

    Agree, dun use the default depth, enumerate from bottom up.

    This helped a ton. Thanks bud! I had the right approach but it just wasn't working until I messed with the depth.

  • edited April 2020

    Rooted!

    Tip for anyone struggling with the lag over the 8..3 s..p..t....w..: use the Throttling setting in your browser.
    Setting it to 3G worked wonders for me. Everything started to work!

    PM for nudges and hints!

  • Stuck for hours. Reconnecting for hours. How do you perform traverse to get to read N****n's file?

  • @Manitu said:

    Stuck for hours. Reconnecting for hours. How do you perform traverse to get to read N****n's file?

    Enumerate and search popular exploit lists for what you find.
    There is a POC there. Change it to fit your needs.

  • Finally.
    Machine is rooted.
    Theoretically speaking, machine was supposed to be easy. However, due to other people using the machine at the same time (even in VIP), lagging and UI instability, I've spent some time on the last part.
    API is not well documented, but it did help me to finish it.
    On to the next one

  • Got access to root.txt but htb says the hash is incorrect. I am on VIP and restarted the box an hour ago because I heard something about rotating flags.

    emjay12

  • @emjay12 yeah see here: https://www.hackthebox.eu/press/integrity-of-hack-the-box

    Personally I haven't had any issues since they did this, but I've seen quite a few others have. You might have to reset the machine and then try get the flag again

  • What !? Only 2 stars?
    It deserves more!!
    Yes ok, user was easy (but that's not a reason to give a bad rating).
    Also, if you are bad at pentesting like me you could waste a lot of time on other services.
    There was a lot of stuff to look at!!
    Root in my honest opinion was pretty good.
    Easy to detect the vulnerability, but the exploit is not trivial at all.

    Good job @dmw0ng ! Thanks a lot, keep going with the good work :smile:

    PS -> Feel free to PM for hints.

    whoami
    nt authority\system
    

  • Anu
    edited April 2020

    Hi, I got user, onto root now, yesterday when I sent some commands using API it was working, today it says 403 Forbidden, does this happen?

  • @dinosn said:

    Please do not reset the box it's just frustrating for all.

    Holy hell is it ever....

    @dinosn said:

    Do not use localhost instead of 127.0.0.1, use the IP.

    Thank you!!! Solved my issue.... Now to figure out the API since this site runs like S**T in FF.

    aut0exec

  • Rooted !

    BUT THERE ARE TOO MANY PROBLEMS IN THE BOX :/

  • @Anu said:

    Hi, I got user, onto root now, yesterday when I sent some commands using API it was working, today it says 403 Forbidden, does this happen?

    Think about who you are when you use the API

  • User is pretty easy just use what you see in the nmap

  • It's just so frustrating how often it gets reset... Is there any advantage on using those VIP servers y'all talk about? With all the covid situation I don't feel like spending any extra money, life got just too tough, but I'm learning so much and if there is any real advantage more than going through the legacy boxes I would seriously think about it and make some maths

  • Late, but rooted!
    for user: enumeration and search a txt vuln from cmdline
    for root: check the other website configuration and credentials, then use the same txt vuln from cmdline.
    Due to the pretty bad web gui use chromium
    Note (because I lost 4 hours on this):

    • Add one line in the first part
    • two lines in the second (60 not 1m) and a name for the section

  • edited April 2020

    @GabrielGT said:

    It's just so frustrating how often it gets reset... Is there any advantage on using those VIP servers y'all talk about? With all the covid situation I don't feel like spending any extra money, life got just too tough, but I'm learning so much and if there is any real advantage more than going through the legacy boxes I would seriously think about it and make some maths

    I used the free servers for ages but switched to VIP last month and did the last 2 windows boxes on that, and it honestly was a big improvement.

    Doing an nmap scan completes in about 10% of the time it used to take. No one has ever reset a box while I've been working on it. I haven't found files from other players. Transferring files over to/from the machines is way faster. Everything has just worked so much faster and smoother in general.

    However, I have seen other people in this thread saying even on VIP they had issues with this box in particular. So maybe I just got lucky with this one? The last box I did on VIP was great as well though.

  • @davihack said:

    What !? Only 2 stars?
    It deserves more!!
    Yes ok, user was easy (but that's not a reason to give a bad rating).
    Also, if you are bad at pentesting like me you could waste a lot of time on other services.
    There was a lot of stuff to look at!!
    Root in my honest opinion was pretty good.
    Easy to detect the vulnerability, but the exploit is not trivial at all.

    Good job @dmw0ng ! Thanks a lot, keep going with the good work :smile:

    PS -> Feel free to PM for hints.

    whoami
    nt authority\system
    

    It deserves 1 star.

  • @VbScrub said:

    However, I have seen other people in this thread saying even on VIP they had issues with this box in particular. So maybe I just got lucky with this one? The last box I did on VIP was great as well though.

    Just to muddy the water, I switched to EU Free this evening and had a go at the box. I didn't encounter any issues or resets (however, it was faster than normal because I already knew what to do) but there were quite a few people leaving crap around.

    I think if people use "evil.bat" type filenames on the free servers, the chances are someone else will overwrite it faster than you can exploit the box. Other than that, it's hard to think what people might be doing to break this box.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • edited April 2020

    @NoName21 said:
    It deserves 1 star.

    Brutal :lol:

    I don't think you can blame the machine author for most of the issues people have had (and personally I didn't have any issues at all).

    As someone who has made a couple of machines for HTB myself, I will say it's very hard to know how they will perform. When you make it you're testing it just on your own VM with only you accessing it. Nothing like when it actually goes live on HTB with hundreds of people attacking it simultaneously, being hammered by brute force attacks and resets, whilst being constrained to minimal memory and CPU requirements (1 core and max of 2 GB RAM I think are the recommendations from HTB)

  • I am wondering if someone could give me a nudge for root. I understand what needs to happen but when I try to do anything it is unsuccessful.

  • @usmcjoker said:

    I am wondering if someone could give me a nudge for root. I understand what needs to happen but when I try to do anything it is unsuccessful.

    I think it depends on what is unsuccessful.

    For example - some nudges include: use the API; issue commands from the server; plan the attack to keep it quick.

    TazWake

  • After struggling a lot to get root, I finally got it, but it definitely wasn't a "straight forward" box and very unstable.

    c:\Users\Administrator\Desktop>whoami
    whoami
    nt authority\system
    

    CISSP | eJPT

  • Hey guys,

    I have user and I'm pretty sure I know what to do to get root. But I think I'm having issues with making a connection from the victim machine to my machine. I can't seem to get a reverse shell to work with NC or set up 'tunnel vision'. To do a simpler test of my networking I: (i) turned off the firewall on my host machine (running Kali on a VM with NAT); (ii) used python to host a simple http server on 4445 on the attacking machine; (iii) checked my IP address with ifconfig; (iv) tried to curl the http server on 4445 from the n****e account on the victim machine. But I get a failed to connect message. The http server works fine if curling it from my own machine. Any ideas?

  • @LexRespec said:

    Hey guys,

    I have user and I'm pretty sure I know what to do to get root. But I think I'm having issues with making a connection from the victim machine to my machine. I can't seem to get a reverse shell to work with NC or set up 'tunnel vision'. To do a simpler test of my networking I: (i) turned off the firewall on my host machine (running Kali on a VM with NAT); (ii) used python to host a simple http server on 4445 on the attacking machine; (iii) checked my IP address with ifconfig; (iv) tried to curl the http server on 4445 from the n****e account on the victim machine. But I get a failed to connect message. The http server works fine if curling it from my own machine. Any ideas?

    You have a couple of choices - for example SSH Port Forwarding might be an option.

    You can also just issue the curl commands from the server instead of your endpoint.

    TazWake

  • Hey! I've found some creds based on the instructions in the files gathered from the users which should be used for something one might think. problem is that none of the pws work? Is someone changing the password to make me pull my hair out or am I jumping down a rabbit hole (would surprise me on this machine though) ...:)

  • edited April 2020

    this box is unstable asf, had to reset in order to knock on the next door neighbour's door.. Whole time I thought I was doing it wrong

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985
