Postman

13468938

Comments

  • edited November 2019

    Rooted! thanks people from HTB for all the hints!
    fun box for beginners..... like me ๐Ÿ˜Š

    madhack
    If you need help with something, PM me how far you've got already, what you've tried etc.
    Discord: MadHack#6530

  • Just got root!

    Thanks to @TheCyberGeek for the box.

    PM if you're stuck.

  • i found the i*_.k and i try to john with rockyou and no luck, did i miss somthing ?

  • Am I the only one that is having extreme trouble getting the initial shell?

    When I run the script, it will display "ERR changing directory permission denied" then prompt for a password...

    Anyone else have this issue? I tried my s**_config file but no luck..

  • edited November 2019

    @ghsi10 said:
    i found the i*_.k and i try to john with rockyou and no luck, did i miss somthing ?

    Have you converted it to the proper format? It should work with rockyou

    @MalwareMonkey said:
    Am I the only one that is having extreme trouble getting the initial shell?

    When I run the script, it will display "ERR changing directory permission denied" then prompt for a password...

    Anyone else have this issue? I tried my s**_config file but no luck..

    I suppose you are trying your attack in the root directory.

    Search for another directory where your attack would work.

    twypsy

  • Rooted. There are enough hints to get through everything here, but feel free to PM me if needed.

    Hack The Box

  • Rooted! Went straight from initial foothold -> root. Wouldn't mind someone talking me through the way they accessed user though. PM for hints!

  • Yesterday I have rooted the machine after struggling quite a lot on initial foothold. Thanks @tnorris for grabbing me out of a deep rabbit hole :).

    The machine is easy, but it's prone to errors. There is one service which is totally unused (at least for me), which someone might overthink and get lost into. Also the way to get foothold is a bit confusing as well (why s** configuration should be like that?) and mostly is very prone to pollution between users. You don't need to change almost anything to exploit r*, but before you get to know that, it is very likely you will try.

    Anyway, as all the machines where you struggle, I learned and was prompted to dig more into r*, so it was a learning experience. Thanks @TheCyberGeek !

  • Rooted!

    User: Not the most complicated but you can get confused at some point.
    Pm me if you need hints

    Root: Really easy

    Hack The Box

  • Sometimes I try to do things and it just doesn't work out the way I wanted to. And I get real frustrated.

  • Rooted!

    Thanks @TheCyberGeek for the interesting box. I'm still rather new to this so there was plenty for me to learn and it reminded me of how its important to enumerate enumerate enumerate before digging deep down the wrong hole.

    hackerB31

  • Initial shell keeps dropping on public server. so annoying. Is anyone else facing the same problem?

  • rooted, used reset once because I couldn't establish ssh connection for user even with right parameters. After that it wasn't hard, a little bit of googling and root is yours

  • I did a quick favor for the last step for those who doesn't want to fire up a massive framework. It's on github.

  • @clubby789 said:
    Low privelige shell got, let's see what's next...

    how do u get the shell?

  • edited November 2019

    Can someone nudge me in the direction of user?
    I've got the initial shell as re***. Found the hidden object and cracked it.
    When I try to ssh as the user M*** the connection drops instantly.
    THen i tried to log into the w***** and it worked, hurray, from here I see that there is a hidden c***** that i can write into, but nothing seems to work.
    im at a loss here, any help would be appreciated.
    Thanks Sekisback, I should look at what I have and not go so deep lol

  • Type your comment

  • Rooted. Easy box. Ty @TheCyberGeek . Wasted most time because initial shell kept dropping.
    I went straight from initial foothold to root. Can anyone pm me for the alternative approach? What am I supposed to look for in the UI?

  • edited November 2019

    Yesterday I managed to get a foothold by modifying exploit code as necessary. However, today when using exactly the same code I get ***signing failed: agent refused operation. Any ideas why this could be? BTW, I've already reset the machine and tried again but I cannot get it to work. Thanks

    Forget it... I'm an idiot.... :) I got it working again

  • thanks people from HTB for all the hints!

  • ive got the exploit, is there a way to enumerate a user? or do i have to use it to write something else

  • edited November 2019

    Rooted, liked the box good times. Just one question I would have never gotten drop location for initial foothold exploit if it was not for the hints here. If someone could clue me into the process or thinking on how that drop location was discovered I would greatly appreciate it.

  • The user part got very annoying for me because i was doing everything manually.
    HINT: there's a script which you can use that will do stuff automatically for you

    I loved the root part as well!

    badge
    profile: https://www.hackthebox.eu/home/users/profile/114435
    discord: Celesian#0558

  • Funish box. Learned a fair bit. The main way everyone was using to get a foothold had me stumped for ages as my install went wrong or something happened that meant me doing the same as everyone else seemed to at a certain point wasnt working. Took me 3-4 hours to fix that and then user was fairly simple.

    Speaking to others there is more than one way to do user and even though the way I did it in theory is very simple there is an even easier way out there.

    Root was very easy, probably too easy, wondering if others did it a different way, id be keen to know.

  • is port 10*** rabbit hole ?

  • Type your comment> @s0lhz said:

    is port 10*** rabbit hole ?

    You will need it later.

  • edited November 2019
    Could someone give me a hint for the foothold? I understand what I can do with r****s but I can't find the correct path to do it
    Thanks

    Edit: I found out by watching what others were doing... :/
Sign In to comment.