Postman

Comments

  • edited December 2019

    > fearlessmcp
    > December 1, edited December 1
    > I found i********k and I decrypted it and I got c********8. Then I used it to log in as user @M*** but it says Connection closed by 10.10.10.160 port 22
    >
    > @bumika said:
    >
    > > @Kimble said:
    > >
    > > I should be able to connect (found the i.b file and used some tools on it) but when I connect I receive a connection closed by host on port 2*. I'm fairly sure this should work. Anyone know what I can do?
    >
    > Yes, I know. Check the content of s**d_c***** on the host.

    This is where I am except I am not getting the hints. Not sure why I'd have to change my own personal config for this.

    Please pm me or post!

  • > @lowtoe said:
    > fearlessmcp
    > December 1, edited December 1
    > I found i********k and I decrypted it and I got c********8. Then I used it to log in as user @M*** but it says Connection closed by 10.10.10.160 port 22
    >
    > @bumika said:
    >
    > (Quote)
    > This is where I am except I am not getting the hints. Not sure why I'd have to change my own personal config for this.
    >
    > Please pm me or post!

    No change is needed. It shows why the connection is closed immediately. Host = Postman

    bumika

  • edited December 2019

    hmm. wouldn't I need to see M***'s conf file to see why it wasn't working then? Still requiring some guidance here :/

    nvm got user.... just had to sling those creds somewhere else

  • @lowtoe said:
    > hmm. wouldn't I need to see M***'s conf file to see why it wasn't working then? Still requiring some guidance here :/

    Just send me a PM.

    bumika

  • I think I have the right solution to get a shell, but it won’t work. Is there anyone who can mentor me to a solution?
  • Can I give someone a quick PM on this? I've currently gotten user, I'm just having an issue with something else and would like to know what's what.

    Thanks!

  • Finally got it rooted thanks to @bumika
    I'd been struggling with initial foothold for a couple of days, and once past that it was "easy enough".

    I'm still a beginner at this, and I learned a lot. I learned how to exploit different things, but also to trust my instincts, and most importantly to try harder :)

  • @mrbudgie said:
    > Can I give someone a quick PM on this? I've currently gotten user, I'm just having an issue with something else and would like to know what's what.
    >
    > Thanks!

    Nevermind, figured it out and got root!

  • I am new to Hack the Box. I have tried to use the exploit described in Kali Linux an Ethical Hacker's Cookbook and I have been unsuccessful. I also tried to use some of the exploits in Metasploit. I would appreciate any tips. Thank you in advance.

  • Could someone help me out with what to use for the srv***t address? I'm stuck there.

  • @ELMARRO said:
    > I am new to Hack the Box. I have tried to use the exploit described in Kali Linux an Ethical Hacker's Cookbook and I have been unsuccessful. I also tried to use some of the exploits in Metasploit. I would appreciate any tips. Thank you in advance.

    I tried to use an MSF exploit too, which indeed didn't work. So I tried to debug it and see what commands it ran exactly. I then manually reproduced it. By that point you end up running manual/experimental commands on a relatively unknown protocol... which should lead you to be curious about what else is possible within that framework. Bottom line: Metasploit is just a starter but not the solution.

    lebutter
    eCPPT | OSCP

  • ROOTED nice box
    To get a reverse shell, look for R***S exploits. There's a well-documented website for that.
    User and Root are easy.
    If you need help, PM me.

  • Great box! I got User and Root at the same time, so would be interested to hear how others did priv esc from initial shell :) thanks @TheCyberGeek

  • edited December 2019

    Just rooted. Honestly to sum up this box:
    enumerate then go through steps in the many walkthrus for the service.
    There are a bunch of guides/exploits all over the place. All you have to do is pick the right one for this service.
    From there a common place to check on the box should point you in the right direction to go. Follow it all the way through and remember if one way is blocked that you already had your foot in the door. Couple this with poor user behavior/management and the use of a recent-ish vuln makes it extremely easy to privesc to root.

    PM if you need any help :)

    zweeden

  • Rooted. Thanks @alesawe for getting me over the last hump.

  • Rooted.
    This is my first box. I got a lot of information to think about. It was an exciting task. Thank you so much @N0tAC0p. I got valuable tips and tricks.
    Thanks also to all those who wrote tips on going through this topic. I read all the posts related to the Postman box. And that also helped me.

  • Someone changed the permission, can't write anything???

  • WTF, and reset reached its max limit??

  • Kindly don't play with the permission :/

  • Think I am on the right track, I have modified a r**** exploit, although I don't have a username. Any help appreciated, PM is fine also.

  • Rooted!

    Fun box, user is way harder than root in my opinion. I didn't use anything from metasploit to get initial shell, but I also didn't come up with a script myself.

    Lots and lots of research and trialling different exploits. Everything else falls into place once you get the shell.

    PM me for any questions / hints.

  • ROOTED!

    Hi everyone, finally I'm here again after a long absence!
    I'm honest: I didn't really like this machine, but I still want to thank @TheCyberGeek because I learned something new about r**** with this box!

    Here are my hints

    • Foothold: enumerate and search the web for information about services you found. There is an article that explains step by step how to exploit one of these services and get a foothold into the box

    • Exploitation: You have to look for something interesting that you can access, then you can use some tools to extract information from it

    • User & Root flags: Don't know if it was intended but exploiting a common vulnerability I got both of them at the same time (with information from the previous step)

    PM me if you need help!

    achille

  • Got root.

    I think the best tip that I can give to someone - don't overcomplicate it. It's simpler than you are thinking it is.
    Thanks to @Achille for giving me a tip, when I was knocking my head against a wall.

    Razzty

  • edited December 2019

    Service is unavailable and max resets reached for the day already, argh. Would someone with root mind giving the initial foothold service a kick please?

  • I finally got root! A very interesting machine!

    r*** was pretty straightforward, but for u***, it took me some time to get it. I didn't know that re*** was that dangerous!

    If you need a hint, just ping me via PM.

  • Rooted, definitely scraping the rust off of not doing this for a while lol. If anyone needs help, feel free to msg me!

  • Rooted, first user and root! Thanks @zweeden for a few nudges in the right direction.

  • It was fun! Thanks @inetshell for a hint and @TheCyberGeek for the challenge!

  • Got this one last night. To those who say TLS/SSL makes this difficult, the reality is most tools have knobs and dials that let you selectively turn encryption and cert validation on or off.
