Banging my head against a wall, so I have the user creds, just a nudge in the right direction, for the next step, I know I’m missing something
Rooted it. Good box for beginners (like me).
A few hints:
- look for the login creds in the bat files (grep “A” flag is your friend)
- The best hint for login was from @Jacker31:
Which year is it? Think like the user…
There is an exploit that will help you after that. It was “broken” and google is your friend to fix it. Search for the error. Also read the usage and you will know what to do.
PS - if you rooted the box please do not copy the root flag in the same place where the user flag is. It ruins the fun for others.
I’ve gotten the root flag, I was in the correct way but I was doing a little bit misktake.
my hint to help you is “is no only save you have to send as well”
cheers…
Type your comment> @Jacker31 said:
Type your comment> @Takao said:
I found the con********.o**.b*k the credentials but when i try to log in in the home page , it says: Login error .
I reseted the machine and tried again but its still doesnt work… somebody can help me?
Which year is it? Think like the user…
Oh my god! Thanks bro!
hi there , can anyone help me to decrypt the passwords ?
Got user (who didn’t?) and root+shell. Nice box. If anybody needs help for root feel free to ask.
Nice box, overall. A bit unbalanced with regard to user/root difficulty, at least in my opinion (or given my experience).
As advice, I would say:
- Be very careful when wondering the ftp, it hides some files/folders.
- If you don’t find the un-encrypted password in the file you are looking at, look for a different file with a similar name. The password is in plain text. Also, it’s not the current password, but you should be able to figure it out.
- If you can’t figure out how to get root, try installing the application (preferably in a virtual machine running a similar OS). You can get the exact same application version via ftp from
/Program\ Files\ \(x86\)/PRTG\ Network\ Monitor/PRTG\ Installer\ Archive/. Then install Process Hacker or Process Explorer (or Process Monitor) and see how the different data gathering scripts are launched.
Type your comment> @radualexp said:
As advice, I would say:
- Be very careful when wondering the ftp, it hides some files/folders.
- If you don’t find the un-encrypted password in the file you are looking at, look for a different file with a similar name. The password is in plain text. Also, it’s not the current password, but you should be able to figure it out.
I found both user and root hashes in the FTP. Still not sure if this was a misconfiguration of the box or if someone cancelled my reset before I logged in and they were just there.
someone please PM with p****** cred
Could anyone point me in the direction of getting root? PM please 
Got it Thanks for all the tips! feels great first root !
stop resetting machine
No one is changing any passwords, so stop resetting the machine. I don’t know whats the problem here really. Can’t even try to get a root shell because every few minutes someone resets the machine. So stop spreading false information!
Thank you to gilf0yle
I get the flag
Hey all,
I cannot find the login/index page for PR**, is it because the machine is crashing or I’m just not good? please inbox a hint for that. cheers!
ROOTED !!
PM for hints
It took longer to connect to the VPN than it did for user -_- I needed a confidence booster, thanks! ROFL
The amount of resets on this machine is absolutely staggering. Can’t get root because every 4 minutes someone is resetting it. My god.
Type your comment> @rumham said:
The amount of resets on this machine is absolutely staggering. Can’t get root because every 4 minutes someone is resetting it. My god.
same, sucks!
It’s impossible to get root when the box is reseted so frequently. I have literally put scripts ready to fire but found that someone changes the password on the web portal. I’ve been able to login to it like 10/20 times so either someone was giving me a bone or people keep changing the admin. Pretty annoying.