ServMon
ServMon
ServMon 240
ServMon
RETIRED MACHINE

ServMon

ServMon - Windows Windows
ServMon - Easy Easy

2.1

MACHINE RATING

15194

USER OWNS

8684

SYSTEM OWNS

11/04/2020

RELEASED
Created by del_KZx497Ju

Machine Synopsis

ServMon is an easy Windows machine featuring an HTTP server that hosts an NVMS-1000 (Network Surveillance Management Software) instance. This is found to be vulnerable to LFI, which is used to read a list of passwords on a user's desktop. Using the credentials, we can SSH to the server as a second user. As this low-privileged user, it's possible enumerate the system and find the password for `NSClient++` (a system monitoring agent). After creating an SSH tunnel, we can access the NSClient++ web app. The app contains functionality to create scripts that can be executed in the context of `NT AUTHORITY\SYSTEM`. Users have been given permissions to restart the `NSCP` service, and after creating a malicious script, the service is restarted and command execution is achieved as SYSTEM.

Machine Matrix

Ready to start your
hacking journey?