Got a bit stuck, can anyone give a nudge? Got access to the dashboard, ffuf’ed pretty much every page.
Google the dashboards for vuln
Anyone needs help? Please ping me.
Any hint or help with root?
Identify what looks strange - something which is not usually present in the root directories. Any crontabs etc.
Guys, I seem to have the same problem on every machine. I don’t want to spoil anything, but could someone help me find a solution? It’s related to databases.
Anyone with enough hints?
Which stage?
Is port 8084 supposed to time out when probing it from inside the server? I’ve forwarded the port and nmap shows it’s now open, but I can’t get anything out of it (curl, nc, browser, etc.)
You can send me a message.
Just got the root flag, am so confused, no privesc needed. I almost didn’t try to check the root flag, usually permission denied!!!
Hello everyone,
PWNED
This is my first machine I was able to do successfully all the way to root.txt without any hint/nudges.
I started this machine on Saturday evening and got root.txt by Tuesday evening. I previously had a lot of help from forums on some machines so I will try to help someone and not reveal anything much.
Foothold: I am not going to say something very abstract, but just note down the top 7 or 8 things that come up in your mind when you think about hacking, and it’s going to be one of them, 100% I guarantee.
For root: Running linpeas didn’t help me much. I just opened the YouTube video from TCM about Linux privesc and then started to do everything line by line as by linpeas and video and got root.txt. Nothing very crazy.
Overall seems like an easy box as I was able to do it, but still happy for it to be the first box I did.
Try different options if using some tool or custom script then you can debug.
Am I missing something, or is the pass from the DB the same as that of the system user marcus?
Rooted! Thank you @Ashishgupta for your insights!
Spoiler!
Login failed: Unauthorized in Duplicati. I do everything according to the instructions from the Medium. Tried all possible options.
Please help!
Yep, finally the --hex option did the job
This was really fun, I learned a whole lot!
Hi, any nudge for user? I’ve found the other login page but I couldn’t find the DB creds
Did anyone have a problem with an empty main flag folder?