Netmon

Jeez, haven’t been on HTB for a while and I’m starting to feel it. Managed to get user easy with no creds, but I’m actually a little stuck thinking about where to go from here. If anyone has got a nice nudge for me, it’d be greatly appreciated.

Any hint, please? I got the R*E working, but unable to get a connection back, only file download.

I have the same issue. The R*C is working with the correct cookie. And it seems like it’s creating a user. But I cannot connect with the newly created user (FTP or SMB). Can someone give me a tip?

@SilentNL said:

I have the same issue. The R*C is working with the correct cookie. And it seems like it’s creating a user. But I cannot connect with the newly created user (FTP or SMB). Can someone give me a tip?

How can you know if the user has been created?
If you read the source code, you will find the sign of that.

After that, if you are sure that the user has been created, just try again what you have tried before and it will work.

Fun machine, my first root. Thanks to @D8ll0 for the hint. F** is not the service you are looking for once you executed the R*E.
PM me if you need help.

Spoiler Removed

Rooted. Anyone need hints send me a pm.

Could someone PM me to help me? I’m new to this and this is the first machine I’m trying. I’ve never looked into this sort of stuff before and don’t really know how anything works. I’ve been googling stuff about getting root for the last 3 days and I’ve got nowhere.

Oh man, I am so stuck on this :frowning: Don’t even know where to begin! Did an n**p on it, thought I’d found a user account, tried it on the webpage, didn’t work. Keep trying different logins on the webform but always denied. Some of the hints seem to suggest it’s REALLY easy, which is disheartening as this is my first machine!

Read through this forum very well. Don’t look at what, but why and how things work. The user flag is right under your nose if you start enumerating in the right place. Your enumeration will grant you access into the web app, and with research and trying harder, that leads you to root.

Hey, I’ve got user and website credentials. I think that I found the well-known RCE, but when I add the notification nothing happens. Any advice, or could someone PM me to see if I am on the right path? Thx.

@D8ll0 said:

@SilentNL said:

I have the same issue. The R*C is working with the correct cookie. And it seems like it’s creating a user. But I cannot connect with the newly created user (FTP or SMB). Can someone give me a tip?

How can you know if the user has been created?
If you read the source code, you will find the sign of that.

After that, if you are sure that the user has been created, just try again what you have tried before and it will work.

Also having this same issue, could you explain a bit about how we can confirm that the user has been created successfully? From running the exploit it seemed to be successful but I can’t log in using FTP or winexe/psexec :confused:

I got usr. I got PRTG creds. Can someone help me enum for root? Will the notification topic I’ve come across online actually help? Can someone give me a hint on how to go about this?

@YellowBanana said:

Rooted. Anyone need hints send me a pm.

Thank you YellowBanana, I’ve got the root finally. :+1:

OK, so I have user and I’m pretty sure I know how to do the RCE, just completely blindly stuck on getting the initial creds.

How is anyone having luck finishing this box? I have had to keep coming back to it because of people resetting. Now, Port 80 doesn’t even appear to be open?

I have got user but no credentials. I have tried looking through FTP and have not found any credentials for the website. I have also tried to SQL it, and I don’t think it’s vulnerable to XSS, as when you log in it does not say the attempt of username and password at the top. I can’t see any other vulnerabilities, so I would really appreciate a hint for what I should do now.

@KentoS said:

@D8ll0 said:

@SilentNL said:

I have the same issue. The R*C is working with the correct cookie. And it seems like it’s creating a user. But I cannot connect with the newly created user (FTP or SMB). Can someone give me a tip?

How can you know if the user has been created?
If you read the source code, you will find the sign of that.

After that, if you are sure that the user has been created, just try again what you have tried before and it will work.

Also having this same issue, could you explain a bit about how we can confirm that the user has been created successfully? From running the exploit it seemed to be successful but I can’t log in using FTP or winexe/psexec :confused:

When you read the source code, the first function is creating a file with a name Pe****.txt in a directory.

So when you connect through FTP and see that file in the directory (look around), that means your code has been successfully executed.

Moreover, after creating the user, why are you interested in logging in to FTP? Find something more useful :wink:

Can anybody help me out with root in PM?

I will also need help with credentials and root. Can somebody PM me? I can say what I have tried so far.