HackTheBox - ServMon

Shared June 20, 2020

00:00 - Intro
00:50 - Start of NMAP
03:45 - Using SMBClient to search for open shares (None)
04:30 - Checking out the web page, some light fuzzing on login and examining how the language selection works
07:55 - Taking a Screenshot on Parrot and pasting it into Cherry Tree (Shift+PrintScreen)
14:30 - Checking out FTP and downloading the two txt files
16:30 - Viewing port 8443, and realizing this page really hates Firefox. Switch to Chromium
19:05 - Using searchsploit to find there's a directory traversal exploit in NVMS
20:05 - Grabbing Passwords.txt off Nathan's Desktop (filename was an FTP Note)
22:50 - Using CrackMapExec to bruteforce logins for SMB and SSH (SSH already bug fixed in DEV Branch)
26:00 - Logging in with SSH, then looking for WebServer directories
30:20 - Examining the NSClient directory to view the config
33:40 - Using SSH to set up a port forward
35:50 - Lots of flailing around trying to get code execution
44:00 - Enough flailing, box reverted and do a clean run of this exploit
49:00 - Flailing around trying to get Nishang to run... Defender is giving me issues.
59:30 - Giving up with Defender Evasion, switching to nc.exe to get a reverse shell
1:01:20 - Reverse shell returned as System, grabbing root.txt