tomc: if you are new to the HackTheBox, point is to copy the user.txt from some directory of the target machine a paste it in the HTB web of this target Login :: Hack The Box :: Penetration Testing Labs under “Own User” button.
After that, you are supposed to get the hash from the file named root.txt which is located in the root/Administrator own home directory and copy the hash under the button “Own root” at the same page.
This indicate that you gained access both as a user and as a root on the target machine.
User was too easy, Root was really fun, I’ve learned a lot. Thank you @mrb3n for the machine and thank you @54pp0r0 for helping me on the reverse shell syntax
PS, reverse shell is not needed to get root.txt but if you insist, try switching all the " to '.
Edit: if you need help, feel free to contact me
hello sir can you please help in the root access i cant even login in prtg network monitor
Logging to that monitor should be your first focus. Some googling on where the log files are stored in PRTG should help you with that.
I have what is seemingly the password from a file I found, but after trying to log in to the service both via the public interface and the db interface, neither work (unauthorized) – did something change?
User was too easy, Root was really fun, I’ve learned a lot. Thank you @mrb3n for the machine and thank you @54pp0r0 for helping me on the reverse shell syntax
PS, reverse shell is not needed to get root.txt but if you insist, try switching all the " to '.
Edit: if you need help, feel free to contact me
hello sir can you please help in the root access i cant even login in prtg network monitor
Logging to that monitor should be your first focus. Some googling on where the log files are stored in PRTG should help you with that.
i got the setup.log file but i am not getting the password it has somethinf like key=prtgtrial
I know I am so close. I used the R*E and got the “exploit completed” message in my terminal that created a new user, can’t seem to log in anywhere with it. I’ve read every single page of this thread multiple times and have seen stuff about port 445 and smb. Now I am an amateur for sure, I just started school and would love a hint to help me finish my first box. If anyone would like to pm me feel free. I know I am right there for root. Any help is very much appreciated. Thank you
Hi have the next problem, tonight success login on prtg web, but now cannot login, that credentials not valid!, what could it be?, i use a vip account
thanks
Y’all I need help. I have the password and I have found the exploit and have run it but it continues to fail. I have confirmed the commands I am running with a person who has rooted the box. I’m not asking anyone to solve it for me just to look over my work and point me in a direction.
For everyone that needs help - look into the code of the exploit thats giving you user access. Its creating a username and password using a file naming scheme thats baked into the exploit. Its possible your exploit is getting overwritten midway by another user given how popular this box is.
As for logging in with it - its not an FTP user that you’re creating. You’ll need to find service that’s running to test your login with.
@ytho thanks for your post.
I have been trying what you have mentioned for the last couple of days with no success.
Are you able to PM me with another hint.
Hello, I have got the user hash and have got access in F** as a user however I am confused where i should look for the Root creds. Can someone please help me with this as i’m stuck ?
