Netmon

noorqureshi · March 19, 2019, 9:04pm

I found two ways of getting root… let me know if you need hint.

Virgula · March 19, 2019, 9:36pm

Worst machine ever, useless resets 24/7 by users and not an interesting machine in exploit at all. Rated negative.

FalconSpy · March 20, 2019, 1:00am

Wasn’t expecting root to be as easy as it was. Although I haven’t ever done a whole lot of CTF this kind of felt like a OSCP lab host.

dastan9408 · March 20, 2019, 12:12pm

Rooted this box,PM me for hints!
Before asking show me what you have done first

Virgula · March 20, 2019, 5:19pm

@xAndreei said:

Some autistic kid just dropped the root.txt inside the F** service and ruining the challenge for everyone, please …

He’s right, it’s just an easiest way to get root and if you have understood the vulnerability as well you will also understand why. Anyway I rated negative machine itself for this reason, it’s bad built machine just from the beginning. It’s not user fault to have dropped that root.txt to ftp

adamczi · March 20, 2019, 9:39pm

hey this one got restarted 3 times in a few minutes, please

0Celsius · March 20, 2019, 9:41pm

scriptkiddies spreads here

henjoe · March 20, 2019, 11:26pm

Complete noob here, but any other pointers besides “think like a user” to get the user ?

agski33 · March 20, 2019, 11:33pm

Complete noob here as well, I was able to get user, I think i found the password for the admin account of prtg, but its still saying the login was unsuccessful and im not sure where to go from here. If anyone can help through dms that would be great, thanks

dcdesmond · March 20, 2019, 11:42pm

This box is really hard to just try! This constant reset is killing! Gonna try during a lower trafic on the site

kiteboarder · March 21, 2019, 12:13am

Going through the same thing too. Having trouble logging in to the site. I found the admin credentials based on the breadcrumbs mentioned (vulnerabilities on the application…) but still could not log in. I’m not sure what else to try. As I go through the forums I get mixed vibes whether the resets are what’s preventing me from logging in or I’m basically typing in the wrong admin username and password. Please help if you can, not looking for a spoiler but a nudge to the right direction.

kiteboarder · March 21, 2019, 12:16am

Finally logged in. “Think like the user”

jattion · March 21, 2019, 2:49am

I have found the cred to log in to the P*** site and found a blog post for possible vuln. But i can seem to replicate it myself especially since transfering files to N*******/E*** is forbidden. Am i going the right way? LOL been at this for like 2 hours…HAHAHA

dmw0ng · March 21, 2019, 11:58am

Having just signed up for this and being a noob, I attempted this machine. With the reboots going on, it was difficult to do any of the browsing required. After a couple of days trying, I finally got root. Not that this machine was difficult, but being the first one completed was a fist pump moment. I just hope other machines are not like this one with the multiple disconnects. Was fun for my first one though. My take on this;

Enumerate and remember things can be hidden in plain site. It was the hidden portions that got me to begin with and it’s all plain sailing after that.

coopertim13 · March 21, 2019, 3:18pm

I have gotten the password from P*** C************.o**.b** and I know from reading the forum this needs to be edited slightly for the web login, but I can’t seem to get it. I have taken the hint with ‘what year is it’ and changed the last digit, but I can’t figure out what this ‘think like a user’ hint means… can someone please dm me or give an extra hint? Thanks

henjoe · March 21, 2019, 6:38pm

feel so stupid for asking… but would someone be able to pm some pointers to user :D?

EDIT! And just like that… i got user by myself!

coopertim13 · March 21, 2019, 10:58pm

@coopertim13 said:

I have gotten the password from P*** C************.o**.b** and I know from reading the forum this needs to be edited slightly for the web login, but I can’t seem to get it. I have taken the hint with ‘what year is it’ and changed the last digit, but I can’t figure out what this ‘think like a user’ hint means… can someone please dm me or give an extra hint? Thanks

Had the right password the whole time, just had to reset the box for it to work. Pretty dumb.

Kalimoe · March 21, 2019, 11:12pm

Can someone PM me. I got the pw for admin for the WebAPP. I also run exploit and create new user but don’t know how to go ahead.

montyongoXOR · March 22, 2019, 5:13am

Does anyone want to throw me a hint on the syntax for the notification? Found the cve but… Lost

jasonladias · March 22, 2019, 9:25am

Hello to everyone. Supernoob here. Netmon is my first box. So user was supereasy even for me. it needed 2 minutes to find it. As far the root is concerned i found the vulnerability, i found the exploit i am going to use, but i can’t find the credentials in order to use the exploit properly. I am lost inside the F** and the problem is i don’t know where to look at. Am i in the right direction or i am going to be lost 4 ever in F**. Thanks in advance