Postman


Comments

  • edited December 2019

    I got user, but after that I tried using w****n_p*******p_r** on [M] and it only returns "Failed to retrieve session cookie", so I'd very much appreciate any help on whether I'm on the right track or not.
    Edit: nvm, forgot to SSL :)))

  • I can't get a shell!!! I used a modified script with r*** but it keeps telling me Permission denied in the ssh... I don't know why.

  • @eternaln00b said:
    I can't get a shell!!! I used a modified script with r*** but it keeps telling me Permission denied in the ssh... I don't know why.

    Personally I didn't use a script, just piped printf with some extra newline formatting surrounding my credentials (before and after, ~4 lines on each side) to the command line interface for r****.

  • I am new to Hack the Box. I have tried to use the exploit described in Kali Linux an Ethical Hacker's Cookbook and I have been unsuccessful. I also tried to use some of the exploits in Metasploit. I would appreciate any tips. Thank you in advance.

  • Got User and Root...

    Some hints, once you have initial foothold via one service, find the hidden secret in the bakalleys... with that you can accomplish the other tasks via another service.

    Fun box, thanks!

  • Another hint - you don't need metasploit for a foothold. Just look at the CONFIG for the service you find and then look for ways to manipulate it.

  • edited December 2019

    Finally done. Still wondering what the txt file in the user's home dir was for.
    Thanks @inetshell

  • Finally got root.
    My tips:

    • get a good foothold;
    • learn how to use r.... when u find it;
    • u don't need the u*** at all.. only to get the hash for it.

  • Please reset this box, looks like a team has modified the permissions.

  • Rooted

    initial: enum and see how the unprotected service can be abused (try kali cookbook)
    user: permissions are important while creating backups
    root: just run the module (don't forget ssl)

    PM if you need hints

  • Hello
    I got the initial shell, trying to get user.
    I found a file i*_***.**k, and when I tried to connect to ssh I get:
    Connection closed by 10.10.10.160 port 22.
    Am I doing something wrong, or is something wrong with the machine (can't reset it)?

  • @Awby said:

    Hello
    I got the initial shell, trying to get user.
    I found a file i*_***.**k, and when I tried to connect to ssh I get:
    Connection closed by 10.10.10.160 port 22.
    Am I doing something wrong, or is something wrong with the machine (can't reset it)?

    Everything is OK both with you and with the machine. :)

    bumika

  • I'm trying this one as my first box.. wish me gl!

  • Hey,
    New user here.

    I managed to get a shell via S** with r**** and found the i*_***.**k.
    However, I did not manage to decrypt it... I think I'm missing the essential knowledge and tool...
    I'd be glad of any nudge.

  • *Spoiler Removed*

  • @ghost5egy said:

    READONLY You can't write against a read only slave.
    I got this message when trying to exploit ***

    please edit your message...

  • @blackdev1l said:
    > @ghost5egy said:
    >
    > (Quote)
    > please edit your message...

    Why?

  • @ghost5egy said:

    @blackdev1l said:

    @ghost5egy said:

    (Quote)
    please edit your message...

    Why?

    it's a spoiler.

  • edited December 2019

    I know that you have to exploit r***s, but I can't get the scripts to work. I've pulled up a few automated scripts and they just ask for the ssh password. Can anyone give me a nudge? btw I used scripts from Kali Cookbook.

  • Can someone PM me, please? I have trouble getting the shell... I know what I have to do, but I'm doing something wrong and don't know what it is.

  • edited December 2019

    I can not figure this out. Second box ever but I know where I want to go, I've found several exploits but they don't work because the M****** command is missing from r**** and at least 2 articles detailing different manual/semi manual ways to get there but nothing is working. One of the ways I've tried is to upload ssh keys to a certain users directory through r**** but when I try to use them to connect it keeps telling me my key is wrong.

    Any nudges or help would be appreciated because after a whole day on this I don't think I'm getting further as it is.

    Edit: I am so unbelievably silly. Lesson learned. Take breaks.

  • Finally did it, rooted! Was missing the obvious, so annoying when that happens. Still, great box, really enjoyed the journey, thanks @TheCyberGeek


  • edited December 2019

    Hey,
    Who could give me a clue about the u******* to use for S** when I injected my k** via R***s?

    I've been blocked for a week now...

    EDIT: Ok... now it works, I don't know how ....

    EDIT: Fuck me, I'm so tard ....

    EDIT : Rooted...

  • Could anyone reset the machine? It says I've reached the limit for today. I owned user and cannot get access anymore now due to someone breaking r***s.

  • rooted :)
    I didn't manage to get the m thing to run for root so I crafted my own h***-r******. Maybe someone wants to share their way via PM? I never use the m thing, because it never works for me. Maybe there is something wrong with my installation?
    Cheers!

  • Rooted! Thank you for all the support!
    There's really plenty of information to solve this challenge in the comments. Probably too much.

    What took me so much time was the inconsistency of the "magic value" you're able to retrieve.
    It doesn't work for the most obvious thing you'd think it works, you need a workaround but that in the end isn't even necessary.

    Then, there's a service that you could not exploit before but now you can, however the "magic value" wasn't working for me and I tried it multiple times. So I just left it as is and tried other paths.

    In the end I'm happy with the experience, happy with my first hacked box, however I also lost too much time on really trivial things :P

  • edited December 2019

    Stuck at last step for user, need a nudge. PM please

  • edited December 2019

    user? @mrdebator? Just enumerate it again and again, find the one that's in front of you, but something that's not something you're supposed to find!!! hahahaha

    Note: just report this if it's a spoiler!!

  • rooted!
    initial shell:
    scan harder!!!
    user:
    just enumerate it harder!
    root:
    ask google for answer!
    just report it as spoiler if it is too much!
