ServMon

12426282930

Comments

  • @Everlastdg - I support the recommendation, I gave up on the web interface and managed to get nt authority once the machine decided to stop playing silly b*ggers!

  • I cant seem to get the ini file for the password. Is it in a special folder?

  • I've got the bits and can see what it's supposed to do.....just not sure how to do it.
    Would "visible studios" help me at all?

  • Done machine, really clunky at times, but good enough to push through it, anyone who needs help with it, can PM saying what you have tried.

    C:\Users\Administrator\Desktop>whoami
    nt authority\system
    
    C:\Users\Administrator\Desktop>ipconfig
    ipconfig
    Windows IP Configuration
    Ethernet adapter Ethernet0 2:
       Connection-specific DNS Suffix  . : 
       IPv6 Address. . . . . . . . . . . : dead:beef::18ed:7b41:aba8:7c59
       Temporary IPv6 Address. . . . . . : dead:beef::38fc:ce2a:99af:d19
       Link-local IPv6 Address . . . . . : fe80::18ed:7b41:aba8:7c59%3
       IPv4 Address. . . . . . . . . . . : 10.10.10.184
    

    Hack The Box

  • Noob here; could use a nudge. I have C****.txt and P****.txt. Tried to used them on ftp and SSH. What am I missing. Please send nudge via PM. thx

  • @Klink said:

    Noob here; could use a nudge. I have C****.txt and P****.txt. Tried to used them on ftp and SSH. What am I missing. Please send nudge via PM. thx

    Depending on what C****.txt and P****.txt are, it might be worth double-checking how you are trying to use them.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Don't be like me. When I was first poking around I interpreted the result I got poking in the obvious place as a pair of headers rather than a result. Oops, that wasted a bunch of time.

    LegendarySpork

    LegendarySpork

  • This box is making my eye twitch, tunnels were working, UI was up and running, tried making a change to run my special sauce and then boom out of nowhere the service died. Frustrating beyond belief.

    GRID, GPEN

  • edited May 2020

    Rooted the box using the API..

    Anyone can give me idea how it can be completed with GUI? Please PM!!

  • Anyone get a PR_End_of_file_error? I tried a bunch of variations...could someone pm me please? Not sure if I'm using the tunnel wrong or if there is a separate issue. Thank you

    Arrexel

  • Stuck on root. Used a portion of a vulnerability from exploit-db to GET user, then found a way to use the credentials on some low hanging fruit to get myself logged in. I can do stuff, but nothing with admin creds. Tried some sneaky tricks like transferring a reverse shell over and trying to execute it but don't have sufficient rights as the user I'm logged in as. Searching the forum I understand I need to exploit the a service but using an API. I found a manual pertaining to the service I used the exploit-db POC to get my user foothold with but it doesn't mention an API anywhere in that manual. I see one other "higher" service of interest but not having any luck. Any nudges would be greatly appreciated.

  • @bamafan1981 said:

    Any nudges would be greatly appreciated.

    Google the service name and API - you should get a link to some good documentation.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Finally managed to get user and root, first box I do on my own and I feel like I really struggled compared to a lot of people here.

    Can I PM anyone that found the box easy with the process I took? Would really appreciate some pointers as to what I could have done better.

  • got user really easy. PM is need a hint

    going into root now

  • The user is easy, but I can't move forward with rev shell for got root

  • Got root this a great box. The @Everlastdg tip was excelent!!

  • Hi all,

    Hopefully not a spoiler, just trying to get my head around something. Not necessarily specific to the box, just looking to understand the behaviour.

    When using firefox, wget or even python to run http request containing ../
    All instances of ../ get removed from the actual request being sent to the host - I can see that in wireshark, so in this particular case things work fine with just a telnet request or using burp to get the necessary stuff from the box.

    I've searched around, but cannot seem to find an explanation for the behaviour or way to turn it off. I'd be interested how to address this particularly in python requests library.

    Thanks in advance!

  • edited May 2020

    Jesus, what a tricky machine. Well, user was pretty easy, but rooting was a total pain in the ass. (Not because of hard ways to root or smth like that but because of that "user-friendly service")

    PM for nudge

  • Hey All

    this is my first try on the box.

    I am trying to get the user flag, i was able to get the P********.txt but none of them is working on the port 80, SMB. I dont have any users so i am trying the normal users..

    Any guidance is appreciated.

    Thanks

  • Looking for a hint for Initial foot hold. Feel like I am running in a circle here

  • @egorchel said:

    Hi all,

    Hopefully not a spoiler, just trying to get my head around something. Not necessarily specific to the box, just looking to understand the behaviour.

    This might help https://forum.hackthebox.eu/discussion/comment/72042/#Comment_72042

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited May 2020

    I need some help: I did the s*h technique that'd allow you to access the forbidden page, still can't access. I mean, it works because I get the reset error even when using localhost:serviceport in browser. But I think I shouldn't be having the error at this point. I doubt I have to do something server-side. Maybe it has to do with my virtual machine network configuration? UFW is down, I'm not using bridge network adapter right now, instead using NAT.

    Update: in fact, ++ port right now seems to be closed, I swear it.

  • Anyone can guide me on how to escalate the privilege in Windows?

  • Biggest tip for root, is not to use the GUI. Spent so much wasted time there. There is another stable way where you can upload your script and then execute. Happy to PM for hints.

    Hack The Box
    OSCP | CISSP | CEH | CCNA

  • Type your comment> @BarnY said:

    Biggest tip for root, is not to use the GUI. Spent so much wasted time there. There is another stable way where you can upload your script and then execute. Happy to PM for hints.

    I finally did it, man! Your hint really helped me, turns out I was being a little lazy when reading the documentation. Machine was bugged though, and I wasn't being allowed to connect because certain port was closed. After resetting, everything worked as expected.

  • It took a bit of struggle, but got root after fighting with resets. Some what fun box and I learned some new tricks. That is what it is all about.

    C:\Users\Administrator>whoami
    whoami
    nt authority\system

  • whoever is resetting the machine every 10 mins stop doing it

  • edited May 2020

    Can someone please help me with user? I already abused the vuln and have the creds. I tried all possible ports to login to, which nmap found. I thibk the right one is missing.

    EDIT: Got it - never mind.

    Best regards Luemmel

    OSCP
    Luemmel

  • Type your comment> @Luemmel said:

    Can someone please help me with user? I already abused the vuln and have the creds. I tried all possible ports to login to, which nmap found. I thibk the right one is missing.

    Did you try all the users that you can login as?

  • edited May 2020

    User: Simple enumeration and chaining of vulnerabilities found to find interesting files will work well. That will lead you to gain access as a user on the box.

    Root: This kind of sucked for a while. Enumerate interesting things on the box. Some things aren't available to everyone so figure out how to access it. I ended up using a combination of the API and the GUI to run the script as I couldn't get the API to execute the script on its own (if someone would PM me how they did this I'd appreciate it).

    No, you don't need to follow the exploit on ExploitDB and you don't have to do the cron it tells you to do.

    PM me if you're stuck.

    MrHyde

Sign In to comment.