ServMon

Finally rooted this box

User: very straight forwarded, open your eyes, and check well known places for help
Root: due to guys bruteforcing and resetting this box for no reason a real headache, read the documentation and make use of it, there’s absolutely no need to reset, reload, or whatever this box to get root

PM if you need help

Great machine to understand of the multiple approaches that can be taken to one service.

Rooted…

Root was much more difficult than i thought after getting User.txt and vulnerability to be exploited for PrivEsc.

I hear a lot of people complaining about other users deleting their files… MAYBE it is some kind of AV on target?. And do you really need a shell to accomplish your goal?

What is going on with the stability of this box!?

I got user last week, revisited and got root. However the flag was not “correct” - I think that this is due to rotating hashes on the background to prevent cheating. Anyways - I reset the box, and it’s not staying up for 5 min straight for me to retrace my steps!

Wanted to vent, sorry :slight_smile:

Can someone who’s rooted this box the CLI route give me a message? I’ve managed to root this box, but after revisiting the box to do my writeup i haven’t been able to the same way.

I can provide the hash I obtained at the time for proof or it can be seen on my profile. Cheers.

I get a ping but I can’t the web page to work… It was working fine the first time I opened up the login page.

Its working now…

And that is root.

I’ve seen a lot of negativity towards this box, but have not over the last few days experienced any of the issues stated. I use a VIP subscription, maybe that has been the difference.

However, there are ways to root this box and ways not to. I’m not sure on the rules for submission, but I can’t for one second believe that rebooting a machine is allowed, so if a script that you find on a very popular database says to do this, I would probably start thinking there must be another way. I wouldn’t reboot the machine and upset other hackers. Just my thoughts, but that’s how I perceive it.

Otherwise, thanks for a really interesting box @dmw0ng , thanks also to @VbScrub and @LOLOLEKIK for getting me over the final hurdle.

I had to take a hint or two to get root on this one, but just want to say people are being too rough on this box. I’m sure at release with a lot of people reading a certain exploit, that it got reset and jumbled a lot.

I had a good time refreshing certain skills and learned a bit.

Thanks for box creator.

Could do with a nudge on the last part of the API commands if anyones about, can’t quite get it :slight_smile:

rooted.
Here are my hints:

  • user: start from lower port enum and then use those information by means of next port
  • root: find service exploitation and DON’T RESTART SERVMON it is not necessary.

PM me for more hints.

Nmap told me up front about a port that you check out its content for free :wink: After looking at what this server’s main purpose is, google the service. You’ll find a nice PoC on DB. Knowing windows paths will help.

edit:
rooted, inbox open for help with root.
Drove me mad.
Cheers to anyone who helped :smiley:

Este es mi segundo post por aquí,

Usuario: CVE y enumeración simple.
root: La verdad que no es necesario acceder a la web de ********++, ni seguir al pie de la letra el exploit encontrado, solo es cuestión de entender como funciona la vulnerabilidad. Recuerda que tiene una API, una lectura a la guía es el mejor camino. Luego de ello sabrás que ni es necesario reiniciar nada. Good Luck!

Cualquier empujón PM.

#Spanish

finally rooted!

finally rooted !!
this machine is very unstable, no need to reboot or reset it, losing connection all the time is f**** annoying

This is very frustrating, I know what I need to do regarding “the service” for root, I have my .b and n.e* on the box.
My struggle here is the whole driving through the tunnel stuff, can someone provide a useful resource to read up on this? (I have never done it before).
The other approach was reading the docs for the service, but I don’t seem to be able to change anything from the cmd either

[UPDATE] NM Rooted! This box is a pain in the ***.
Anyway, for root, use the api, the webui is a joke

Hi all,
just wondering…
As the 80 and 443 are not open when i did my reco.
How a website can run in http://10.10.10.184 ? i don’t understand …
thanks for your replies

Type your comment> @forrest63 said:

Hi all,
just wondering…
As the 80 and 443 are not open when i did my reco.
How a website can run in http://10.10.10.184 ? i don’t understand …
thanks for your replies

I would re-do your recon.

Root just broke my brain… but i defeated him!!

c:\>whoami&hostname
nt authority\system
ServMon