MonitorsFour is a Windows-based HackTheBox machine that demonstrates a multi-stage attack chain combining web application vulnerabilities, authentication bypass through PHP type juggling, CVE exploitation, and Docker API abuse for privilege escalation. This writeup details the complete exploitation process from initial reconnaissance to root access.
Environment Configuration
Configure DNS resolution for the target domain:
echo "10.10.11.98 monitorsfour.htb cacti.monitorsfour.htb" | sudo tee -a /etc/hosts
Target: 10.10.11.98
Attacker: 10.10.14.143
Reconnaissance & Information Gathering
Network Enumeration
Initial port scanning reveals the attack surface:
nmap -A -O 10.10.11.98
Open Ports:
80/tcp: nginx HTTP service redirecting to monitorsfour.htb
5985/tcp: WinRM (Microsoft HTTPAPI httpd 2.0)
Operating System: Windows Server (2022/2012/2016)
