Footprinting medium machine

Feel free to DM me

I have the same problem. Do you have any advice, please?

mount the drive as root


See, it sucks that you had to be so blunt here, but I honestly think the lab is a bit unfair because it almost goes against what you learnt in the NFS module, which is perhaps why it seems a few people are struggling here. We learn that being in the nobody group means you’re being root squashed, and although you’re not technically being root squashed when you log in as your default user, that’s where the student’s brain is going, so I was never going to try as the root user. Furthermore, I wasn’t actually aware I could switch to the root user in pwnbox outside of sudo. I didn’t realise it was the same password as the default user. Doing your own research into the nobody group when you’re not the root user takes you down a massive rabbit hole of something being wrong on the server. So here I am trying to change the NFS version when the answer was way more simple. I think the lab should be changed to show that the root group owns the folder, rather than the nobody group.

In saying that, I did learn a valuable lesson in making sure I truly look properly at the folder permissions. Despite being in the nobody group, we can still ascertain which user we need to mount as via the folder permissions output, as ONLY the root user has permissions on the folder.


Thanks to your advice I can read the content of the NFS.
I found the important.txt, but it looks like the password does not work for SQL Server Management…
Can you give us another piece of advice, sir?

Thank you

The user you are logged in with via RDP has no rights to access the database. You have to find another user to connect to it via RDP.

Hello, I’ve used RDP, and I’ve learned how to query and search the last 200 entries; I believe I need to thoroughly search the databases. Am I on the right track?

Has anyone got this error while trying to connect to MSSQL?


I think the other user is “default”.
But where is his password?
This lab is so weird!

Finally I got the flag of this lab!
A small hint for anyone blocked at the MS SQL connection step:

  • Once you have found the credentials of the RDP user and the password in the txt file, you have nothing more to do with NFS and SMB
  • The other user is not “default”
  • The flag is very easy to get if you know a little bit of SQL. If not, use the syntax: SELECT * FROM DB_NAME_FOUNDED WHERE USERNAME_COLUMNS LIKE '%HTB%'

And the most important thing is to NEVER give up; there is always something you can find in the system that will serve you.
Let’s hack and chill


Thank you, so I am on the right track.

Got it once I figured out what a table and a database were; learning a little SQL helps.

The hint suggests that you find and use an Administrator account and MSSQL. After I learned a little SQL I got the answer 2 days later; the next question only took me 30 min to solve. There’s a learning curve; once you pass that, the answers are usually right under your nose.

Yes, I am stuck with this error when I try to log in as SA with the password in important.txt. Did you manage to solve this?

Alex has no rights to access the database.
So you have to find another user with whom you can connect to the Windows host via RDP. One that has enough rights. Maybe a user similar to SA?

I’m guessing that would be the admin account and I would need to use the SA account credentials I found to do that. Which service should I be looking at?

Log in via RDP with the other user and then use the database.

Thank you. I meant which service should I be footprinting (with the SA account I presume) to find the other user?

It is not about a service. Look around on the system.

Hey, give me a hint please!
I found only users alex and sa. Is there any other user?