ServMon

Why is n* deleted everytime I upload it a certain folder? I can’t execute script with nsclient service if n* is not present on machine. I am literally an inch away from root using A**. Tried with ssh but can’t execute commands on remote system when mixing ssh with n* listener. Alternatives like t***** are also not present. Will try more alternative shells as a strategy but it would really be nice if n* wasn’t deleted immediately after upload. Can someone pm me with n* alternatives that will work on this box? Thanks ahead of time. Almost there…Grrrr… : )

There is a cleanup script that runs often, but you should definitely have time to transfer tools and payloads and execute before it runs

how to reload?

Type your comment> @sh0wa said:

Hey, I could need some help with the AI way to privesc, since the webui is buggy as ■■■■…even with the blue icon browser. Currently I am able to load things but don’t know how to add those “custom” scripts and how to deal with the S*****r via the AI

Just like sh0wa i got stuck on the api. I’ve read some documentation about the API and the exploit. I have to add my external script to the n*****.**i. But I’ve no clue how to do this. I never used an API before. Can someone give me a nudge?

Rooted! User was for me as a beginner not that hard to get but root cracked my brain for a while yesterday. The API documentation you can find online should give you a clue to be able to use a certain exploit that also can be found via Google. I never used API’s before so it was a deep dive for me. Had fun and learned a lot!

My personal hint for root: you don’t need to reinvent the wheel if you already have a wheel to use. :slight_smile:

If you need some more help feel free to PM.

Type your comment> @purplenavi said:

Type your comment> @n3wb1en3w9999 said:

Type your comment> @purplenavi said:

Type your comment> @VbScrub said:

Type your comment> @purplenavi said:

Is the nsclient supposed to come back up after you restart it? Or are you supposed to not restart it?

Don’t restart it. Apparently that breaks it and the machine has to be reset

Thanks! Found another way, pretty easy but fun box :blush:

PM if you need a hint!

I cannot PM but would appreciate a hint been stuck for 4 hours on the api bit
If you’ve correctly uploaded your script, you should find it in somewhere else than settings in the web UI

Cant seem to access it through Qu**** or Co***** features on GUI

Finally rooted. A truly awful machine.

User: enum enum enum. Straightfoward, if you have issues its likely syntax.

Root: api is pretty useless but pick through what is described. Use GUI too

Hi Guys

Anybody willing to give me a hint…I have user but I have no idea what to do regarding the ++ application to get to root…the tips talk about UI etc and all I can find in the ini file is the password…what am I supposed to do?

Type your comment> @WarrenVos said:

Hi Guys

Anybody willing to give me a hint…I have user but I have no idea what to do regarding the ++ application to get to root…the tips talk about UI etc and all I can find in the ini file is the password…what am I supposed to do?

Maybe try accessing the application from the browser using the password from the ini-file? And if you’re still unable to log in, check the ini-file for hints on from where you can log in. Maybe check out chisel?

I can login to the web gui with password found in *.ini but later cannot add a required script or a scheduled task. The Add buttons are not doing anything. I can click but nothing happens. Is this regular or the problem is in me or my browser? Thanks.

@WarrenVos said:

Hi Guys

Anybody willing to give me a hint…I have user but I have no idea what to do regarding the ++ application to get to root…the tips talk about UI etc and all I can find in the ini file is the password…what am I supposed to do?

If you google the application name + API you can get a link to some very useful API documentation. It’s a bit of a steeper learning curve but exploitation via the API is eventually easier and more useful for other scenarios.

Type your comment> @manfred said:

I can login to the web gui with password found in *.ini but later cannot add a required script or a scheduled task. The Add buttons are not doing anything. I can click but nothing happens. Is this regular or the problem is in me or my browser? Thanks.

You should try to look for a way to upload your script without the UI.

So working on root, but for some reason nc keeps being deleted. This was not a problem the other day, but seems to be a new development. Anyone else experiencing this issue?

Type your comment> @Reddsec said:

So working on root, but for some reason nc keeps being deleted. This was not a problem the other day, but seems to be a new development. Anyone else experiencing this issue?

Could be the AV of Windows that detects it as a threat.
Download a newer version of nc.exe or ncat.exe

Terrible box, unstable and dosing it all the time by newbies

Hi everybody, I seem to have trouble submitting the hash for the admin user (own root).
I’ve done the box twice now and indeed i got a different result each time. However on the second attempt I did it as fast as I possibly could and it [the hash] still wouldn’t get accepted. The same goes for the user hash
Am I doing something wrong?
I would very much appreciate some feedback on this. PS: I am not on VIP and I already used my quota of resets for today
/edit: I have done the box for the third time now, yielding yet another hash which again is not accepted. I am starting to think this may work on a first come first serve basis? or so far, everybody who got the admin hash changed it thereafter

@slss said:

/edit: I have done the box for the third time now, yielding yet another hash which again is not accepted. I am starting to think this may work on a first come first serve basis? or so far, everybody who got the admin hash changed it thereafter

The dynamic hashes should be valid until the next reset. There may be problems with how they are implemented and it is certainly worth letting HTB know by raising a ticket on Jira: Jira Service Management

If they dont know the problem exists, they cant fix it.

Type your comment> @acidbat said:

Type your comment> @Reddsec said:

So working on root, but for some reason nc keeps being deleted. This was not a problem the other day, but seems to be a new development. Anyone else experiencing this issue?

Could be the AV of Windows that detects it as a threat.
Download a newer version of nc.exe or ncat.exe

I did find a version that works. thank you

Hey!

I need help being root!

Can someone come in please? :slight_smile:
Thx!!!

I am trying for root for last days. Wherever I put nc.exe or my powershell one liner the AV deletes it. Can someone please send me DM about how they get the root.

It doesn’t matter I created my script from GUI or API, anti-virus deletes my files in any case.