@luckyUser thanks for the explanation. What I don't understand is that for 'M' there exists an "authorized keys" folder with a key pair. This key pair is different from the one we find as "R". People keep messing with the "R" service and I was tired of needing to go through that process every time so I decided to exfiltrate these keys, thinking that I could then login directly as "M" using SSH. No dice. Can anyone verify that this is the case or am I making some mistake?
I've already rooted, I am just looking to improve my understanding.
Wow, Postman had me stumped! I could not figure out some small details (which have been discussed in this thread enough, I guess), so it took me ages to get the initial foothold. Once I got that, the rest was feeling somewhat...too easy, I guess.
I still have no idea how to get the user flag, as I went straight from initial to root.
If anyone wants to show me how they did it, please tell me in a PM, I'm curious. I'll send you the point where I got stuck if you want. I think there's something in there I can learn!
Initial: Learned a lot about a thing that I have used only once before, that was new, thanks!
User: Still no clue!
Root: Quite easy after you figure out that someone was a bit careless about conserving...
Thanks to @TheCyberGeek for making this box. Despite the frustration I felt, I learned something and that's why I'm here
Fun little box, thanks @TheCyberGeek! This was only my second (active) box and I was somewhat surprised to see that I could immediately reuse some of the things I learnt on OpenAdmin
Shoutout to @5H3LLKiller and @mohabaks for helping me get over that john "hurdle" I completely brainfarted on ...
Does anyone know whether there's a way to root without m********t?
I found the r**** tut on packetstorm, but the article assumes I know the username of the account in which to drop my key. How do I find that out? I already get a permission denied trying to change to the /home directory.
Is the r**** service down for anyone else? I'm noticing I'm unable to do a full nmap scan on the box and when i try to use the r****-c** tool to connect to that service, it just hangs. I reset the box, but still seeing the same behavior.
Hi Forum, I'm facing a very weird issue...I am unable to access the port 10000 via the webrowser
When i try to access it via HTTP, i get a redirect URL to the https link. However, on clicking that link, i get an error saying "We can't connect to the server at postman". Has anyone else faced this issue too? Any help here would be great!
Comments
Rooted. And my first root/user at that!
@luckyUser thanks for the explanation. What I don't understand is that for 'M' there exists an "authorized keys" folder with a key pair. This key pair is different from the one we find as "R". People keep messing with the "R" service and I was tired of needing to go through that process every time so I decided to exfiltrate these keys, thinking that I could then login directly as "M" using SSH. No dice. Can anyone verify that this is the case or am I making some mistake?
I've already rooted, I am just looking to improve my understanding.
Wow, Postman had me stumped! I could not figure out some small details (which have been discussed in this thread enough, I guess), so it took me ages to get the initial foothold. Once I got that, the rest was feeling somewhat...too easy, I guess.
I still have no idea how to get the user flag, as I went straight from initial to root.
If anyone wants to show me how they did it, please tell me in a PM, I'm curious. I'll send you the point where I got stuck if you want. I think there's something in there I can learn!
Initial: Learned a lot about a thing that I have used only once before, that was new, thanks!
User: Still no clue!
Root: Quite easy after you figure out that someone was a bit careless about conserving...
Thanks to @TheCyberGeek for making this box. Despite the frustration I felt, I learned something and that's why I'm here
Fun little box, thanks @TheCyberGeek! This was only my second (active) box and I was somewhat surprised to see that I could immediately reuse some of the things I learnt on OpenAdmin
Shoutout to @5H3LLKiller and @mohabaks for helping me get over that john "hurdle" I completely brainfarted on ...
Does anyone know whether there's a way to root without m********t?
@hellsheep, take a look at the sshd_conf file and I believe you will know why you can't SSH in at M***
I found the r**** tut on packetstorm, but the article assumes I know the username of the account in which to drop my key. How do I find that out? I already get a permission denied trying to change to the /home directory.
Im not sure what i did wrong with nmap but i was not able to find r***s-cli but im all good now.
Hello everyone
i am stuck
i put the key from ***.bk to ssh2john and then put jtr to work using rockyou wordlist
no password found
need a hint
tnx
I'm running the scanner to find usernames....it says found after everyone. R**** Login. I can't get the initial foothold.
Rooted. Time to get foothold was apparently not well spent. PM for a nudge.
Thanks @TheCyberGeek !
I'm new to this. I entered using r****-c** and another usual tool but I'm lost when I try to change users. Can you PM for a hint?
Rooted
An easy machine for the ones that've done enough linux machines. Learned new things too !!
PM if anyone needs some help.
Hi!
System owned! Fun box!
Is the r**** service down for anyone else? I'm noticing I'm unable to do a full nmap scan on the box and when i try to use the r****-c** tool to connect to that service, it just hangs. I reset the box, but still seeing the same behavior.
System owned...
Thanks to who pm me with hints
good luck
Hi Forum, I'm facing a very weird issue...I am unable to access the port 10000 via the webrowser
When i try to access it via HTTP, i get a redirect URL to the https link. However, on clicking that link, i get an error saying "We can't connect to the server at postman". Has anyone else faced this issue too? Any help here would be great!
Cheers!