Its working nowā¦
And that is root.
Iāve seen a lot of negativity towards this box, but have not over the last few days experienced any of the issues stated. I use a VIP subscription, maybe that has been the difference.
However, there are ways to root this box and ways not to. Iām not sure on the rules for submission, but I canāt for one second believe that rebooting a machine is allowed, so if a script that you find on a very popular database says to do this, I would probably start thinking there must be another way. I wouldnāt reboot the machine and upset other hackers. Just my thoughts, but thatās how I perceive it.
Otherwise, thanks for a really interesting box @dmw0ng , thanks also to @VbScrub and @LOLOLEKIK for getting me over the final hurdle.
I had to take a hint or two to get root on this one, but just want to say people are being too rough on this box. Iām sure at release with a lot of people reading a certain exploit, that it got reset and jumbled a lot.
I had a good time refreshing certain skills and learned a bit.
Thanks for box creator.
Could do with a nudge on the last part of the API commands if anyones about, canāt quite get it
rooted.
Here are my hints:
- user: start from lower port enum and then use those information by means of next port
- root: find service exploitation and DONāT RESTART SERVMON it is not necessary.
PM me for more hints.
Nmap told me up front about a port that you check out its content for free After looking at what this serverās main purpose is, google the service. Youāll find a nice PoC on DB. Knowing windows paths will help.
edit:
rooted, inbox open for help with root.
Drove me mad.
Cheers to anyone who helped
Este es mi segundo post por aquĆ,
Usuario: CVE y enumeraciĆ³n simple.
root: La verdad que no es necesario acceder a la web de ********++, ni seguir al pie de la letra el exploit encontrado, solo es cuestiĆ³n de entender como funciona la vulnerabilidad. Recuerda que tiene una API, una lectura a la guĆa es el mejor camino. Luego de ello sabrĆ”s que ni es necesario reiniciar nada. Good Luck!
Cualquier empujĆ³n PM.
#Spanish
finally rooted!
finally rooted !!
this machine is very unstable, no need to reboot or reset it, losing connection all the time is f**** annoying
This is very frustrating, I know what I need to do regarding āthe serviceā for root, I have my .b and n.e* on the box.
My struggle here is the whole driving through the tunnel stuff, can someone provide a useful resource to read up on this? (I have never done it before).
The other approach was reading the docs for the service, but I donāt seem to be able to change anything from the cmd either
[UPDATE] NM Rooted! This box is a pain in the ***.
Anyway, for root, use the api, the webui is a joke
Hi all,
just wonderingā¦
As the 80 and 443 are not open when i did my reco.
How a website can run in http://10.10.10.184 ? i donāt understand ā¦
thanks for your replies
Type your comment> @forrest63 said:
Hi all,
just wonderingā¦
As the 80 and 443 are not open when i did my reco.
How a website can run in http://10.10.10.184 ? i donāt understand ā¦
thanks for your replies
I would re-do your recon.
Root just broke my brainā¦ but i defeated him!!
c:\>whoami&hostname
nt authority\system
ServMon
rooted with the api. pretty straight forward once you find the commands.
Type your comment> @skunk said:
Type your comment> @forrest63 said:
Hi all,
just wonderingā¦
As the 80 and 443 are not open when i did my reco.
How a website can run in http://10.10.10.184 ? i donāt understand ā¦
thanks for your repliesI would re-do your recon.
Thanks @skunk,
Using masscan usually, nmap gave me the 22 and the 80 !
Is anyone able to help, Iām on ssh looking at user.txt wondering how I can view the hash. is SCP the command I need to learn?
I got the user flag, but I am curious is it possible to execute commands using the n**s vulnerability and how ? I understand navigating to cmd will output the programsā text contents, but it will not execute it.
Type your comment> @primaldeath89 said:
Is anyone able to help, Iām on ssh looking at user.txt wondering how I can view the hash. is SCP the command I need to learn?
āmore user.txtā
User is straightforward for forget the browser try Curl + API