ServMon

I’ve got the bits and can see what it’s supposed to do…just not sure how to do it.
Would “visible studios” help me at all?

Done machine, really clunky at times, but good enough to push through it, anyone who needs help with it, can PM saying what you have tried.

C:\Users\Administrator\Desktop>whoami
nt authority\system

C:\Users\Administrator\Desktop>ipconfig
ipconfig
Windows IP Configuration
Ethernet adapter Ethernet0 2:
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : dead:beef::18ed:7b41:aba8:7c59
   Temporary IPv6 Address. . . . . . : dead:beef::38fc:ce2a:99af:d19
   Link-local IPv6 Address . . . . . : fe80::18ed:7b41:aba8:7c59%3
   IPv4 Address. . . . . . . . . . . : 10.10.10.184

Noob here; could use a nudge. I have C****.txt and P****.txt. Tried to used them on ftp and SSH. What am I missing. Please send nudge via PM. thx

@Klink said:

Noob here; could use a nudge. I have C****.txt and P****.txt. Tried to used them on ftp and SSH. What am I missing. Please send nudge via PM. thx

Depending on what C****.txt and P****.txt are, it might be worth double-checking how you are trying to use them.

Don’t be like me. When I was first poking around I interpreted the result I got poking in the obvious place as a pair of headers rather than a result. Oops, that wasted a bunch of time.

This box is making my eye twitch, tunnels were working, UI was up and running, tried making a change to run my special sauce and then boom out of nowhere the service died. Frustrating beyond belief.

Rooted the box using the API…

Anyone can give me idea how it can be completed with GUI? Please PM!!

Anyone get a PR_End_of_file_error? I tried a bunch of variations…could someone pm me please? Not sure if I’m using the tunnel wrong or if there is a separate issue. Thank you

Stuck on root. Used a portion of a vulnerability from exploit-db to GET user, then found a way to use the credentials on some low hanging fruit to get myself logged in. I can do stuff, but nothing with admin creds. Tried some sneaky tricks like transferring a reverse shell over and trying to execute it but don’t have sufficient rights as the user I’m logged in as. Searching the forum I understand I need to exploit the a service but using an API. I found a manual pertaining to the service I used the exploit-db POC to get my user foothold with but it doesn’t mention an API anywhere in that manual. I see one other “higher” service of interest but not having any luck. Any nudges would be greatly appreciated.

@bamafan1981 said:

Any nudges would be greatly appreciated.

Google the service name and API - you should get a link to some good documentation.

Finally managed to get user and root, first box I do on my own and I feel like I really struggled compared to a lot of people here.

Can I PM anyone that found the box easy with the process I took? Would really appreciate some pointers as to what I could have done better.

got user really easy. PM is need a hint

going into root now

The user is easy, but I can’t move forward with rev shell for got root

Got root this a great box. The @Everlastdg tip was excelent!!

Hi all,

Hopefully not a spoiler, just trying to get my head around something. Not necessarily specific to the box, just looking to understand the behaviour.

When using firefox, wget or even python to run http request containing …/
All instances of …/ get removed from the actual request being sent to the host - I can see that in wireshark, so in this particular case things work fine with just a telnet request or using burp to get the necessary stuff from the box.

I’ve searched around, but cannot seem to find an explanation for the behaviour or way to turn it off. I’d be interested how to address this particularly in python requests library.

Thanks in advance!

Jesus, what a tricky machine. Well, user was pretty easy, but rooting was a total pain in the ■■■. (Not because of hard ways to root or smth like that but because of that “user-friendly service”)

PM for nudge

Hey All

this is my first try on the box.

I am trying to get the user flag, i was able to get the P********.txt but none of them is working on the port 80, SMB. I dont have any users so i am trying the normal users…

Any guidance is appreciated.

Thanks

Looking for a hint for Initial foot hold. Feel like I am running in a circle here

@egorchel said:

Hi all,

Hopefully not a spoiler, just trying to get my head around something. Not necessarily specific to the box, just looking to understand the behaviour.

This might help https://forum.hackthebox.eu/discussion/comment/72042/#Comment_72042

I need some help: I did the s*h technique that’d allow you to access the forbidden page, still can’t access. I mean, it works because I get the reset error even when using localhost:serviceport in browser. But I think I shouldn’t be having the error at this point. I doubt I have to do something server-side. Maybe it has to do with my virtual machine network configuration? UFW is down, I’m not using bridge network adapter right now, instead using NAT.

Update: in fact, ++ port right now seems to be closed, I swear it.