Postman

1235738

Comments

  • @Quacktop Thanks for your kind words though! Could you PM me though I would be interested to know the route you took :)

  • @blaudoom I'm glad you enjoyed it! Sometimes we can all get mislead in some way. What's important is you figured out how to get past it! Thanks for your kind feedback!

  • edited November 2019

    Was a very fun box

    hints for initial:

    • do your basic enum and google for the non standard ports and get articles
    • follow the article to find out what works. then update your exploit and run

    hint for user:

    • think about where juicy data can be and search for it

    hint for root:

    • go back to start and try other things
    • like @Quacktop said CVE

    like always if it spoilers too much please delete

    If help is needed PM me

  • Rooted. Wow I feel dumb, the privesc from foothold to user was glaringly easy but my brain just died. Overall fun box but I feel the root was a bit too easy.

  • Really fun box :) I have a tendency to overthink "easy" boxes which got me stuck a couple of times.

    Hack The Box

  • Got user access @M**t

  • Just rooted this box. Thoroughly enjoyed it, found user to be harder than root though..rooted within 5/10 minutes of getting user.. Thanks @TheCyberGeek

    OSCP | CCNA | CPSA

  • very good box! I like it

  • edited November 2019

    Got root!

    • Initial foothold was for me the most educational part of the box.
    • User was pretty easy (enumeration is key...)
    • Root was the easiest part (did not learn something new here)
  • id
    uid=0(root) gid=0(root) groups=0(root)

    Loved it.. Was good for New people hope there are more like this.

    I did learn some good stuff even with root.. Was a small lesson but one was learned.. Look at everything..

    PM for hints..

    Hack The Box

  • Finally owned it! User was much more difficult than root - I certainly over-complicated, over-thought every step and went down every rabbit hole! Note to self: Keep it simple stupid :)
    Thanks to @beorn and @MrW0l05zyn for the nudge with foothold.
    PM me for nudges..

  • Got around to this yesterday and rooted it. Looked past the first bit for user out of eagerness. Taught me to enumerate harder again.

    Hints on here are already enough, as previously stated.

    Good luck everyone!


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • Rooted. I liked this box, I think it's good to have always boxes like this in the lab. Easy (for the newcomers) and also with something that (almost) everyone else can learn about some popular service.

  • Rooted my mf was not working properly now fixed with the sl and got root

    Rooted, thanks whoever helped me

  • Can anyone give me a hint about getting a user for the postman

  • Rooted :) good box, and the classification is valid. Thanks @TheCyberGeek !
  • Rooted! Fun box. For user i had to reset the box in order to get the default directory for r****, so make sure you know where you are.

  • edited November 2019

    I think I'm using the correct exploit but when I try to run it only i see "receive data" two times and that's it, but I'm not sure what I'm doing wrong.

    Vex20k

  • Rooting is always an adrenaline rush :P
  • Awesome box! User was fun! After that, root was fairly straight forward. Thx @TheCyberGeek !

    sx02089

  • PM for Nuggets

    Hack The Box

  • edited November 2019

    hint for root: if m*f doesn't work but c***k says 'vulnerable', then this -> try harder =)

  • rooted

    PM me for help.

    halisha

    --- I reply faster on Telegram @halishasec and [Discord Tavi #6865]
    --- Please specify the machine you're working at when messaging

  • Pretty easy box. When i was waiting for user, i eventually got root lol.

    User (or initial shell): do you see something new in your scan? A pretty nice time to google about it, isn't it? Hint: as mentioned above, don't change the dir

    Root: simpler than 2, 3, 5, 7 and 11. I even didn't use LinEnum. Connection closed? Maybe you are not welcome to come through this door? But every house has windows...

    PM if you completely lost ;)

  • edited November 2019

    can someone please tell me where i can read up on using ssh2john.py
    never mind found it!

    madhack
    If you need help with something, PM me how far you've got already, what you've tried etc.
    Discord: MadHack#6530

  • Hi all! I am stuck in r**is. i noticed that here is no MO***E command, so exploits didnt work, drop some key file in some directory isnt work for me (idk, is it working at all). i think i can do something with LUA scripting here, but no luck. Help, i need somebody, help... :D

  • This is my first attempt to hack the box after 2 weeks of learning.
    The box is rooted thanks to a great community, you are the best guys!
  • Rooted! Fun box. Learn a lot through user!! PM if you need some help!

  • I am root! :p Certainly an enjoyable box. I found the initial foothold to be a very good learning experience. :)

  • My hints.

    User:

    1º The obvious exploit is not going to work.

    2º Read articles about the vulnerability, and you will find an alternative approach. There are tons of articles about it.

    3º Once you do your research, remember that not all home directories fall under home.

    4º Play with a client tool to get additional information.

    5º Prepare your attack, and get in.

    Root:

    1º Go back to your initial enumeration.

    2º Don't overthink. Root is easy.

    @TheCyberGeek , thank you for the box.

    twypsy

Sign In to comment.