ServMon

hey anybody need a nudge im here to help.

Getting user is easy, and privesc is what i can help you with.

pass some respect whilst you are at it

Rooted with some great help from TazWake very patient and very helpful.

Why is this box behaving so unstable ??

Whenever I upload n*.**e it is automatically removed and even if I am able to execute the curl command I get a message saying that it cannot execute the program.Been stuck at this for days, Can anyone help me with this…

EDIT:Rooted, Learnt a lot from this machine, PM if you need help. API is the way.

Rooted some days ago. Pretty easy if you use API, some searches on Google will help you find what vulnerability to use in order to get user credentials. After that, you’re gonna need a lot of patience if you want to use the GUI of ++. If you use API this is gonna be a lot easier.
Hope this is not too much of a spoiler, PM me if you’re stuck and you need help!

because ++ is so unstable, instead of ‘reload’ log out then in

The GUI was very shitty, I really recommend using the API and reading the relevant parts of the docs and doing it through the API.

Finally rooted!

For root, never forget to read the docs and develop a good understanding for how to operate the application!

Ultimately, I recommend learning the application well enough to exploit it in an opsec-safe way. If you play with it enough, you will prune different assumptions and hypothesis you may have about the application and also learn why everyone may be accidentally DOS’ing the server in a failed attempt to escalate their privileges (I was also guilty of this).

PM me if you need a nudge! :slight_smile:

Have just been able to get user, stuck on Root access. I was trying to navigate via the UI but have since learnt it was pretty bad so i have given up that route. I am now navigating via the API calls.

Without giving too much away, I understand where to execute these commands, using Curl i have added e***.bat however I cant seem to execute. anyone else experienced the same issue?

Type your comment> @SquiDz0r said:

Have just been able to get user, stuck on Root access. I was trying to navigate via the UI but have since learnt it was pretty bad so i have given up that route. I am now navigating via the API calls.

Without giving too much away, I understand where to execute these commands, using Curl i have added e***.bat however I cant seem to execute. anyone else experienced the same issue?

Try using powershell -c (some command).DownloadFile(‘somethingfromSomewhereTovictim’)

I was able to read the config of the ++ tool, I know the password and the allowed host, can someone PM me how to proceed here? This is new to me and I would like to have a small hint.

Man this box is bad…

Hints:
Look at what you find, the first CVEs/exploits you find on search engines is most likely what you’re looking for

rooted! API is super easy once you get understand exactly how the commands work. You can’t just run the commands out of the box. The GUI sucks big time > don’t waste your time!

Got user fairly quick, then found out there was a special service running. Read some about the service and think I found how to proceed, got too many error messages and the connectivity just wasn’t working, saw many people uploading files to the box. Man it’s so frustrating so I quit trying root.

Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.

Type your comment> @nyckelharpa said:

Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.

this box is not retired. It’s still active.

Finally finished this box.
Learned a few things along the way. I’m still very new to this, so this was a great learning experience. And honestly, a confidence booster.

Hope the below isn’t a spoiler.

Foothold: Just enumerate. Then look for the clue. Research what’s running on the box, and there’s a ready built exploit for it. Use the clue inform your use of the exploit.

User: Use the data from the foothold, then just keep trying that information against the various services you find running.

Root: Read what the others have said. From the user level, read the configuration file. Then think about how to tunnel your way in. There’s a well documented exploit, but just read it and think about what it is telling you to do.

I used the API to do the same tasks. You can create your event data, and trigger your magic event all with the API.

@icthus1 said:

@nyckelharpa said:
Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.

this box is not retired. It’s still active.

It is retired. There’s just a grace period of a week or something where retired machines are still available to non VIP users.

As for why it got retired earlier than others, I guess just the review scores. It had the lowest score out of all the live Windows machines and this thread is full of people complaining about it being unstable. Personally I didn’t have any issues with it, but seems others did

@icthus1 said:

Type your comment> @nyckelharpa said:

Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.

this box is not retired. It’s still active.

Very much on the retired list right now. It is available but that is just because the most recent retired box is always still available.

Quite a few walkthroughs on Login :: Hack The Box :: Penetration Testing Labs

I’ve no idea why it retired so early (it only went live in April) and there are older easy boxes which could have been replaced. I suspect it may be linked to how many people say they had issues with exploiting the box. Sadly, I am convinced 51% of these issues were down to people not knowing how the exploitation worked and getting frustrated (especially as lots of people were trying to follow the ExploitDB code without understanding it, which meant they tried to restart the service, breaking the box for everyone).

Type your comment> @icthus1 said:

Type your comment> @nyckelharpa said:

Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.

this box is not retired. It’s still active.

It says it was retired when I came back to it this week.

Also can anyone give me a nudge? User was pretty easy and Im in as that user but Im not sure where to look for her.