ServMon

@egorchel said:

Hi all,

Hopefully not a spoiler, just trying to get my head around something. Not necessarily specific to the box, just looking to understand the behaviour.

This might help https://forum.hackthebox.eu/discussion/comment/72042/#Comment_72042

I need some help: I did the s*h technique that’d allow you to access the forbidden page, still can’t access. I mean, it works because I get the reset error even when using localhost:serviceport in browser. But I think I shouldn’t be having the error at this point. I doubt I have to do something server-side. Maybe it has to do with my virtual machine network configuration? UFW is down, I’m not using bridge network adapter right now, instead using NAT.

Update: in fact, ++ port right now seems to be closed, I swear it.

Anyone can guide me on how to escalate the privilege in Windows?

Biggest tip for root, is not to use the GUI. Spent so much wasted time there. There is another stable way where you can upload your script and then execute. Happy to PM for hints.

@BarnY said:

Biggest tip for root, is not to use the GUI. Spent so much wasted time there. There is another stable way where you can upload your script and then execute. Happy to PM for hints.

I finally did it, man! Your hint really helped me, turns out I was being a little lazy when reading the documentation. Machine was bugged though, and I wasn’t being allowed to connect because a certain port was closed. After resetting, everything worked as expected.

It took a bit of struggle, but got root after fighting with resets. Somewhat fun box and I learned some new tricks. That is what it is all about.

C:\Users\Administrator>whoami
whoami
nt authority\system

whoever is resetting the machine every 10 mins stop doing it

Can someone please help me with user? I already abused the vuln and have the creds. I tried all possible ports to login to, which nmap found. I think the right one is missing.

EDIT: Got it - never mind.

@Luemmel said:

Can someone please help me with user? I already abused the vuln and have the creds. I tried all possible ports to login to, which nmap found. I think the right one is missing.

Did you try all the users that you can login as?

User: Simple enumeration and chaining of vulnerabilities found to find interesting files will work well. That will lead you to gain access as a user on the box.

Root: This kind of sucked for a while. Enumerate interesting things on the box. Some things aren’t available to everyone so figure out how to access it. I ended up using a combination of the API and the GUI to run the script as I couldn’t get the API to execute the script on its own (if someone would PM me how they did this I’d appreciate it).

No, you don’t need to follow the exploit on ExploitDB and you don’t have to do the cron it tells you to do.

PM me if you’re stuck.

Awesome box! Thanks @dmw0ng for a great learning experience. If I can be of any help, just shoot me a DM. Thanks.

machine rooted!

@nyckelharpa Thanks for the advice.

All I can say is API documentation is necessary for rooting.

Capped user.txt. I believe I see the path to root, but will have to wait till tomorrow. Too many resets gotta be quicker I guess lol.

UPDATE : just submitted root flag :slight_smile: that was fun!!!

User: utilize scripts when enumerating, they can show low hanging fruit quickly.

Root: first, wait for the daily reset limit to be reached; it will happen, people are resetting this box like crazy. Once you’re able to feel around, check out the software. You can manipulate features of software sometimes and it runs with privileges.

The GUI is not working, stuck for two days trying to see my sc__pt in q___y, no luck.

Just got root!
I got the GUI working now. The box is very buggy though, despite working on it through a VIP server.

@6uta said:

The GUI is not working, stuck for two days trying to see my sc__pt in q___y, no luck.

chromium works really well in this (for me at least)

I’m a total newbie, here.
So it seems like there’s definitely something to do with these ssh keys on nmap right? My problem is I have no idea how to use them to get access. Can someone give me a nudge?

@TheodoreBell said:

I’m a total newbie, here.
So it seems like there’s definitely something to do with these ssh keys on nmap right? My problem is I have no idea how to use them to get access. Can someone give me a nudge?

any other ports from your nmap scan?..
Suggest dig deeper :slight_smile:

@acidbat oof I was way off lol
I’ll get back to it later today and see where it takes me. Tyvm!

@Segf4ul7 said:

Finally rooted. Waited 2 days for less traffic to make the port forwarding work. But there was no need for that. Read the documentation clearly rather than following the CVE blindly. Box is unstable because people are killing it with resets. PM for nudges
segf4ul7

I thought of using the command line rather than the GUI, but on most commands I get “access denied”. Like stop, start, etc…