ServMon

HTB Content Machines
545

@vertering said:

Which tools did you all use for exploiting the vulnerability found in the low port?
With a well known tool I can get a PoC working, but when I try to use it with different parameters it fails miserably.

Not sure what you mean here. If you mean the lowest port, then the built-in client on any Linux machine will work.

If you mean the highest two-digit port, then the exploit is just through a request - you can use any tool.

546

Servmon, I really broke my feet! between the rest!
the user is good, the root is **** up

547

What an ordeal! I finally got root, but not after a BUNCH of frustration and dealing with an unstable box.

User Hints: Enumerate. Find an exploit that will let you see things that should be hidden. Youā€™ll find seven keys. Thereā€™s a way in, but you might have to try a few keys in a couple doors before you find it. Have patience, youā€™ll get in.

Root Hints:

  • You should already know the exploit from your previous enumeration. However, the steps outlined in the exploit documentation are straight-up trash. You should know what these steps aim to accomplish, but you should not attempt to follow these steps to the letter. If you do, youā€™ll just make yourself (and everyone else trying to root the box at the same time) miserable.
  • You wonā€™t be able to reach your goal without a little redirection. Consider the door through which you entered, and the special features of the door that might enable you to open other doors.
  • Read the documentation for the service. Thereā€™s a way to interact with it that doesnā€™t require a browser. You can run two commands from the Kali command line, and thatā€™s all it takes.
  • Whatever you do, donā€™t try to reload the service. It will crash. You will pull out your hair, rip your clothes, gnash your teeth, and curse the Creator.

@dmw0ng ā€“ This was perhaps the most frustrating box Iā€™ve rooted. It tested my patience and perseverance. It forced me to read an instruction manual for a product I hope to never, ever encounter for the rest of my days. It drove me to the brink of insanity.

But it challenged me, and I persevered. Thank you for that.

548

got user easily but stuck on getting root where to look, please pm.

549

Finally root this box!

I think enough hint has been given but hereā€™s a tip.

Use the Api. exploitation is even simpler I think. If youā€™re struggling Iā€™m here for advice.

Special thanks for a final hint that allowed me to root the machine at @pHuR1u5.

Iā€™m really sorry for @dmw0ng which receives bad notes on its box because the others donā€™t follow the good way and try without thinking the first exploitation which finds. This box was really nice! I hope youā€™ll make another one!

550

rootedā€¦ this box is ā€¦ the worstā€¦

but kinda cool

551

Type your comment> @GeorgieH10 said:

Hey! Iā€™ve found some creds based on the instructions in the files gathered from the users which should be used for something one might think. problem is that none of the pws work? Is someone changing the password to make me pull my hair out or am I jumping down a rabbit hole (would surprise me on this machine though) ā€¦:slight_smile:

Sure enough the same creds worked after a couple of hoursā€¦ Rooted, fun box and I learned a lot even though my hair is absolutely somewhat thinner than it was before this box

552

Cannot really run the final payload from N***** to get shell. Reset button has become my favourite button. Log filled with people DoSing the login page. I am really pissed that I cannot finish this due to technical problems.

553

Great box, learned a bunch. Thanks @magomed for the help in my misunderstanding!

554

Can someone pm me? Iā€™m stuck at the final step and cannot receive a root shell. I trigger the payload (extl and scher) and receive back again on my machine Nad***eā€™s shell instead of NT Authority. I am going nuts over here.

EDIT: Got that ā– ā– ā– ā–  root. Respect to cY83rR0H1t.

Tip: APIs are great.

555

stuck on starting , help me plz

556

@Parasarora06 said:

stuck on starting , help me plz

Use nmap to scan the server and identify open ports. When/If you find some, investigate them further to find ways to exploit them.

557

Type your comment> @TazWake said:

@Parasarora06 said:

stuck on starting , help me plz

Use nmap to scan the server and identify open ports. When/If you find some, investigate them further to find ways to exploit them.

got user, struggling for root @TazWake

558

@Parasarora06 said:

Use nmap to scan the server and identify open ports. When/If you find some, investigate them further to find ways to exploit them.

got user, struggling for root @TazWake

As a hint, you halve the time it takes to get help if you ask the question you want to ask from the outset.

559

Root - API and No Reboot necessary.

560

Type your comment> @CAP0 said:

Root - API and No Reboot necessary.

as simple as that !!
donā€™t reboot this machine agaaain

and thanks to you @dmw0ng for this box

561

Rooted. First Windows box. Thanks, @dmw0ng, I learned so much on this one. User came pretty easy, but it helps to be old and be familiar with a service that isnā€™t used so much any more. Root was tougher, but I eventually got it from the tips on this thread using the API commands. Now may I never see N******t ever again.

562

Type your comment> @TazWake said:

@TheCryptonian said:

To the person who deleted my ****.bat file just as I was about to get root (after spending the best part of 12 hours on the box) and replaced it with your own .bat file, thanks.

In the nicest way possible (if this applies to any of you), please donā€™t just randomly delete files, itā€™s not just you on your own per VPN server.

Although it wont help you in this instance, its a good idea to try and come up with unique and unusual names for attack files - this reduces the risk someone else will create something with the same name.

On this box, everyone seems to be using evil.batā€¦

Agreed. Been doing that for the last couple of days and, fingers crossed, been working so far!

563

Thanks for the box @dmw0ng :slight_smile:
Enjoyable even if the box crash alot.

C:\Users\Administrator\Desktop>whoami
whoami
nt authority\system

If someone need help, feel free to pm me :wink:

564

Finally rooted this box

User: very straight forwarded, open your eyes, and check well known places for help
Root: due to guys bruteforcing and resetting this box for no reason a real headache, read the documentation and make use of it, thereā€™s absolutely no need to reset, reload, or whatever this box to get root

PM if you need help