ServMon

It’s working now…

And that is root.

I’ve seen a lot of negativity towards this box, but have not over the last few days experienced any of the issues stated. I use a VIP subscription, maybe that has been the difference.

However, there are ways to root this box and ways not to. I’m not sure on the rules for submission, but I can’t for one second believe that rebooting a machine is allowed, so if a script that you find on a very popular database says to do this, I would probably start thinking there must be another way. I wouldn’t reboot the machine and upset other hackers. Just my thoughts, but that’s how I perceive it.

Otherwise, thanks for a really interesting box @dmw0ng , thanks also to @VbScrub and @LOLOLEKIK for getting me over the final hurdle.

I had to take a hint or two to get root on this one, but just want to say people are being too rough on this box. I’m sure at release with a lot of people reading a certain exploit, that it got reset and jumbled a lot.

I had a good time refreshing certain skills and learned a bit.

Thanks to the box creator.

Could do with a nudge on the last part of the API commands if anyone’s about, can’t quite get it :slight_smile:

rooted.
Here are my hints:

  • user: start from lower port enum and then use that information by means of the next port
  • root: find service exploitation and DON’T RESTART SERVMON, it is not necessary.

PM me for more hints.

Nmap told me up front about a port that you check out its content for free :wink: After looking at what this server’s main purpose is, google the service. You’ll find a nice PoC on DB. Knowing Windows paths will help.

edit:
rooted, inbox open for help with root.
Drove me mad.
Cheers to anyone who helped :smiley:

This is my second post here,

User: CVE and simple enumeration.
root: Honestly, there is no need to access the ********++ web interface, nor to follow the exploit you found to the letter; it is just a matter of understanding how the vulnerability works. Remember that it has an API; reading the guide is the best path. After that you will know that there is not even a need to restart anything. Good luck!

PM me for any nudge.

#Spanish

finally rooted!

finally rooted !!
this machine is very unstable, no need to reboot or reset it, losing connection all the time is f**** annoying

This is very frustrating, I know what I need to do regarding “the service” for root, I have my .b and n.e* on the box.
My struggle here is the whole driving through the tunnel stuff, can someone provide a useful resource to read up on this? (I have never done it before).
The other approach was reading the docs for the service, but I don’t seem to be able to change anything from the cmd either

[UPDATE] NM Rooted! This box is a pain in the ***.
Anyway, for root, use the api, the webui is a joke

Hi all,
just wondering…
As the 80 and 443 are not open when I did my reco.
How a website can run in http://10.10.10.184 ? I don’t understand …
thanks for your replies

@forrest63 said:

> Hi all,
> just wondering…
> As the 80 and 443 are not open when I did my reco.
> How a website can run in http://10.10.10.184 ? I don’t understand …
> thanks for your replies

I would re-do your recon.

Root just broke my brain… but I defeated him!!

c:\>whoami&hostname
nt authority\system
ServMon

rooted with the api. pretty straight forward once you find the commands.

@skunk said:

> @forrest63 said:
>
> > Hi all,
> > just wondering…
> > As the 80 and 443 are not open when I did my reco.
> > How a website can run in http://10.10.10.184 ? I don’t understand …
> > thanks for your replies
>
> I would re-do your recon.

Thanks @skunk,
Using masscan usually, nmap gave me the 22 and the 80 !

Is anyone able to help, I’m on ssh looking at user.txt wondering how I can view the hash. Is SCP the command I need to learn?

I got the user flag, but I am curious is it possible to execute commands using the n**s vulnerability and how ? I understand navigating to cmd will output the programs’ text contents, but it will not execute it.

@primaldeath89 said:

> Is anyone able to help, I’m on ssh looking at user.txt wondering how I can view the hash. Is SCP the command I need to learn?

“more user.txt”

User is straightforward for forget the browser try Curl + API