MonitorsThree Discussion [HTB]

Let’s talk about MonitorsThree. Please do not share a write-up or flag here.

Let’s go, last 30 minutes

Trying to bypass login page with the valid username admin

Somebody gotta learn how to prevent SQLi

Follow the cactus

Privilege escalation was fun. Check these out:

marcus@monitorsthree:/opt$ cat docker-compose.yml 
version: "3"

services:
  duplicati:
    image: lscr.io/linuxserver/duplicati:latest
    container_name: duplicati
    environment:
      - PUID=0
      - PGID=0
      - TZ=Etc/UTC
    volumes:
      - /opt/duplicati/config:/config
      - /:/source
    ports:
      - 127.0.0.1:8200:8200
    restart: unless-stopped

https://medium.com/@STarXT/duplicati-bypassing-login-authentication-with-server-passphrase-024d6991e9ee

And you’ve got to find a way to escalate to root after bypassing Duplicati.

DM me if you need more help
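For anyone reading this from the defender's side, here is a hardened variant of the docker-compose.yml quoted above. It is an added example, not part of any post in this thread and not the box's or the Duplicati project's own configuration; the UID/GID 1000, the `/srv/data` path and the image tag are assumed placeholders.

```yaml
# Hardened variant of the compose file quoted in the thread (added example).
# Three settings in the original combine badly:
#   PUID=0 / PGID=0 -> the backup service runs as root inside the container
#   /:/source       -> the whole host filesystem is mounted, read-write
#   :latest         -> the deployed version is unpinned and hard to audit
# Together they mean that anything the Duplicati web UI can read, restore
# or execute acts on the host filesystem with root's identity.
version: "3"

services:
  duplicati:
    # Placeholder tag: pin to a release you have reviewed instead of :latest.
    image: lscr.io/linuxserver/duplicati:<pinned-version>
    container_name: duplicati
    environment:
      # Assumed unprivileged service account on the host (UID/GID 1000).
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      # The config directory holds the Duplicati server database; keep it
      # readable only by the service account on the host.
      - /opt/duplicati/config:/config
      # Hypothetical path: mount only the data that needs backing up,
      # read-only, instead of the host root.
      - /srv/data:/source:ro
    ports:
      # Loopback-only binding, unchanged from the original. Local users can
      # still reach it, so the web UI needs its own strong password.
      - 127.0.0.1:8200:8200
    restart: unless-stopped
```

With a read-only source mount, restores to the original location need a separate, deliberately writable target.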

Bypass the login page. For root access, configure a script to run before backups and include your SUID script method in it. Then, trigger the backup process.

Hi Hex, how do I DM you?

Hey, click on my name and then click on the chat or message button and submit your message.


Hello, I got a reverse shell on this but I couldn’t get the key for the Marcus user. Can I get some help?