Postman


Comments

  • Interesting. PM me, and I'll try to help you.

    bumika

  • Hi guys, can someone give me some hints about the initial user enumeration? I'm on the right way (I guess) but I can't figure out how to find the right user to exploit the r**** shell.

  • Could anyone help me with the Postman machine?
    In the beginning... I'm stuck on the Webmin page, and I don't know what I need to do. If you can't understand me, could you talk to me?
    I'm Brazilian, and I don't want to use a translator. I need to train my English and my hacking skills LOL

  • Well that was embarrassing, trying to open a door with the key the wrong way around - damn!

    User + Root = Root Dance!!!

    Shout out to @dnperfors for the nudge - thank you.

  • Can someone PM ME?

    I am trying to ssh as the user after using john successfully. I keep getting connection closed by xxx port 22. Is this normal?

  • @Reigada said:

    Can someone PM ME?

    I am trying to ssh as the user after using john successfully. I keep getting connection closed by xxx port 22. Is this normal?

    Check the content of sshd_config.

    bumika

  • Mmkay. I need a nudge. I have found the ports and services I should be looking at. Found the webmin page. I can connect using r****-c** to the appropriate port. It seems to make this particular exploit work I would need a valid username.

    So I think that's where I am failing. Can I assume I need to enumerate further to uncover this information? If so (or not) would someone mind giving me a push in the direction.

    Thanks!

  • Hello, can anyone give me a nudge? I already got the shell via r*** and I'm sure I have to find a .ba* file, but I don't know where to search for that.

  • Anyone else finding/found this box really temperamental?...Exact same process sometimes successful and sometimes not....or is it just me?

  • @ByteM3 said:

    Anyone else finding/found this box really temperamental?...Exact same process sometimes successful and sometimes not....or is it just me?

    If you're talking about getting into r****, it's because everyone is running the exact same script and overwriting everyone else using that script.

  • Can anyone help me with root?

  • edited November 2019

    @pjnrodrigues said:
    Can anyone help me with root?

    Machine is rated with CVE
    Why don't you find one? 🤔

  • @pjnrodrigues said:

    Can anyone help me with root?

    If you find your first approach looking at the middle ages... try to listen and LEARN what the elders have to tell you...

  • Spoiler Removed

  • I think I need a nudge.. I ran Nikto, scanned all for nmap. Found the post man login page. I attempted to use r***s, however whenever I try to set the keys in the db I get a permissions denied error. I am at a loss now.

  • edited November 2019

    Really great box, rooted it and me and a friend sat down and wrote up a way to exploit w****n without using m********t. Just b*** and m**v**** needed (with a valid login ofc). My first ever submission to the exploit-db and we're really happy it worked!

  • edited November 2019

    If you're talking about getting into r****, it's because everyone is running the exact same script and overwriting everyone else using that script.

    The best thing to do is write a 1liner that does the whole script and login at once, if done right you get access and keep it even if the file is overwritten.

  • The best thing to do is write a 1liner that does the whole script and login at once, if done right you get access and keep it even if the file is overwritten.

    ...Fair one. I’ll have to give it a go tomorrow.

  • Can anyone DM some hints about the type of enumeration I should try doing? I have performed basic scans and vulnerability scans but am not seeing the service mentioned here. Help would be appreciated!

  • No way if people are still typing "flushall"

  • 9 times in the last 10 minutes, all from the same IP. That's nice

  • I think I might implode with how this is getting flushed...

  • Finally rooted, thank you to @FoX01 @kenahack @mctheem and @KillerTShell. Don't hesitate to PM me for help!

  • Anyone willing to nudge me please? Got foothold with user r**** and lost at this point

  • Thank you @JadeWolf for the nudge

  • Omg, it took me ages to get root.
    I was on the right path for hours, turns out the exploit was failing, had to modify manually to get it working *facepalm

  • Rooted, fun box, learnt a lot about things I've not seen before! Thanks @TheCyberGeek

    My tips are keep trying but don't get stuck on one method, there's a few ways of getting the first shell that won't work.
    For user: find the interesting file and find what you can do with it.
    For root: CVE

  • Rooted! Thank you @rholas for tips!

  • Can't seem to find w****n or r*** in my enumeration. Can someone PM me? This is only my second box.

  • Learned a ton on my 3rd box, thanks to the hints everyone has provided. Overall a really fun box. PM me if you want any nudges, more than happy to help.
