Hack The Box: Netmon
Synopsis: Netmon posed a legitimate challenge and was required more skills than any of the previous machines. Exploiting anonymous FTP and locating the user flag was relatively straight forward but the system flag took some work to get. Some googling revealed a remote code execution vulnerability that could be used to obtain the system flag.
Same nmap scan as always. I noted port 80 and 21 immediately.
I had to explore anonymous ftp first and was surprised to find the root of C available. I explored users and found that I couldn’t access the Administrators folder but I could get into Public and located the flag. Now time to look for the system flag.
Port 80 presented me with a login.
Some google presented some default credentials but no unfortunately the pesky system administrators changed them.
Back to the anonymous ftp where an old backup was located. I had to lean on the walk through for this.
A review of the old backup reveals credentials. Since this was an old backup the password had to be adjusted to “PrTg@dmin2019“. I suspect if I looked at the system clock it would say it was 2019.
Again I leaned on the walk-through to inform me of the remote code execution vulnerability. I chose to differ from the official HTB walkthrough on how I used the RCE though. It wanted to create a new user with elevated privileges but I liked this guide better because it simply moved the flag to a directory we could access with anonymous ftp (seemed stealthier to me).
I had more fun with this one than any of the previous machines. They all have been fun and a great learning experience.