Official Monitors Discussion

Wow, this box was definitely a challenge for me. Took me a few days.

Foothold: Enumerate. Once you find it, use it to enumerate even further, and look very carefully, you might miss something important. The last step to get the foothold can be a little frustrating but fight through it because you’re almost there.

User: Basic enumeration. If you get stuck, you might wanna try to look for something specific and really “reach out” for it.

Root: Be like El Chapo. Dig a tunnel and escape.

Rooted. Very nice box.

Feel free to DM if you’re still stuck.

@NO53LF said:

This is a tough one… Found initial vuln and creds pretty quick but been going over the FS for a while and found some interesting stuff but still no indication on where to access it… I see references to Ca*** but brick walled now :confused:

Edit: I found by luck the ci-acc.log and /etc/apa2/sites-av***/mon*****.htb but no alias in there to point to any access… not sure what I’m missing?

@ch13fw0tj said:

Feel free to DM if you’re still stuck.

@NO53LF said:

This is a tough one… Found initial vuln and creds pretty quick but been going over the FS for a while and found some interesting stuff but still no indication on where to access it… I see references to Ca*** but brick walled now :confused:

Edit: I found by luck the ci-acc.log and /etc/apa2/sites-av***/mon*****.htb but no alias in there to point to any access… not sure what I’m missing?

Appreciate it… Got a nudge from a buddy and got user so on to root now!

I can read files, was able to find the directory of the webserver and read the config files, got creds to m*l. From this point, I can’t find a way forward to create a reverse shell. Nor can I find anything to ssh. I’ve tried everything I know but no luck, and I’m out of ideas now. Someone, please give some hints on how to proceed.

@gs4l said:

I can read files, was able to find the directory of the webserver and read the config files, got creds to m*l. From this point, I can’t find a way forward to create a reverse shell. Nor can I find anything to ssh. I’ve tried everything I know but no luck, and I’m out of ideas now. Someone, please give some hints on how to proceed.

Same here. Interesting but frustrating.

@gs4l said:
I can read files, was able to find the directory of the webserver and read the config files, got creds to m*l. From this point, I can’t find a way forward to create a reverse shell. Nor can I find anything to ssh. I’ve tried everything I know but no luck, and I’m out of ideas now. Someone, please give some hints on how to proceed.

@grokgrok said:
@gs4l said:

I can read files, was able to find the directory of the webserver and read the config files, got creds to m*l. From this point, I can’t find a way forward to create a reverse shell. Nor can I find anything to ssh. I’ve tried everything I know but no luck, and I’m out of ideas now. Someone, please give some hints on how to proceed.

Same here. Interesting but frustrating.

Look for the common files used with the vulnerability. A famous list will help.

Feel free to DM me if you are stuck.

Wooow that box was really really cool!
It turns out that you don’t need the user part to get root. That got me confused for a while as I was walking the root path unknowingly while trying to get user.
There are a lot of steps from recon to root, but except maybe the very last one, everything relies on having your eyes open and asking yourself the good questions. I can honestly say that if you get stuck on this box it’s only because you haven’t looked at the right place.

That was very enjoyable @TheCyberGeek

Got user, found something potentially promising, but I wonder if this could be a rabbit hole.
Did someone manage to make the exploit for local port 8*** work? Been trying for some time, but even if the exploits complete, I’ve got no result on my listeners. The clues left in the user directory also seem to point another way, so maybe I’m not on the right track…

EDIT: Not a rabbit hole, an exploit will work for this service. Now I gotta escape from jail.

So, after a ton of googling I took a hint and ultimately priv esc’d. I have not been able to connect the automated exploit to the vulnerable webserver when I search for exploits via Google. I am wondering what search people used or what specifically they found on the box that led them to the exploit. I am curious about how people made that connection.

Rooted right now, I really liked this box. DM me for hints.

I would appreciate a hint on foothold box - I am pretty sure I am on the right track but I can’t move further

What a fantastic box! @TheCyberGeek thank you so much, I had a blast. This box contains a lot of learning and fun. Reading other people’s hints on how to get to root, there’s nothing I’d like to add. Enumeration, Google, be persistent and be sure to enjoy the wild ride!

DM me for hints.

@StefLan said:

I would appreciate a hint on foothold box - I am pretty sure I am on the right track but I can’t move further

Finally got it lol

Got root finally, after a few hints. Very hard machine.

Hint for root: not setting forceexploit true cost me two days of headbanging…

Got root. I think this VM should be classified as medium.

I’ve found rem*** fi** Inc****** and therefore creds to db, but at this point I’m stuck. Can I ask for any hint?

Rooted…!! I am not a Guru but this has to be the easiest hard-rated machine ever… This box really should be medium. I admit, the root part was a real pain but as a whole, I don’t think this should be a hard box.

Foothold:
Read your scans well, don’t even miss one [+], and see if you can get the one out of “top ten”.
Not only GitHub has wordlists, “Hacktricks” does too.

User:
Enumerate the FS well, it’s a guessing game (Home sweet home).
Some people really love /bin/“sh” more than /bin/bash.

Root:
How can I get a PID?
“man ssh” and console is always useful.
Pentester Academy is a place where you can learn a lot of stuff.

I hope these little hints will help you… If you need help just DM me… I will try my best to help you.