Postman

145791038

Comments

  • I think it was an overall nice box and learned one or two things. The user was definitely harder than the root. Feel free to PM if you need a hint.

    PM me on Discord: t0thkr1s#0880

  • Finnaly Rooted my first box!!

  • Rooted, I did stuck a little in connection closed

    PM for hints

  • edited November 2019

    Can someone PM me for the part to find r*** service
    I am root already but forgot how i found it.
    And i want to add it to my cherrytree

    Edit: found it with the Blue thing.

    madhack
    If you need help with something, PM me how far you've got already, what you've tried etc.
    Discord: MadHack#6530

  • edited November 2019

    Trying my way through the r*** s service but I'm not sure what I have to change on my script. Can someone PM? The one odd thing I found when trying things manually was that a certain command (M**** E) was not supported, although it's used in the script (possibly the most important step..) and supposedly introduced in this version of r*** s...

  • edited November 2019

    Doublepost, sorry

  • Someone is stressing this machine, the response time is awful right now :(

  • Does the exploit have something to do with s**?

  • i use script in github to get buffer overflow in r***s but i can't use system.exec
    anyone can help my problem?

  • Type your comment> @Simmens said:

    Does the exploit have something to do with s**?

    Yes

    halisha

    --- I reply faster on Telegram @halishasec and [Discord Tavi #6865]
    --- Please specify the machine you're working at when messaging

  • Type your comment> @halisha said:

    Type your comment> @Simmens said:

    Does the exploit have something to do with s**?

    Yes

    Thanks ;-)

  • Type your comment> @zikuto said:

    i use script in github to get buffer overflow in r***s but i can't use system.exec
    anyone can help my problem?

    I had the same problem, system.exec not found :/

  • Finally rooted the box. I'm sure I found the initial foothold just by luck as I've never seen S** configured this way.

    Feel free to pm

    Hack The Box

  • edited November 2019

    Finally rooted ! . i have gain the knowledge on r***S , User was some what fun.

    Thank you guys for providing the hints @WWBK @aho and @roelvb

  • cool and realistic box

    0xskywalker

  • edited November 2019

    Did anyone get root manually? (sorry if this is a spoiler)

    Huejash0le

  • Rooted. As a beginner, I learned a lot from this box. Got user and root at the same time.

  • edited November 2019

    Got root. Thanks @Freak2600 for the nudge.

  • I seem to have gotten stuck. I have found the foothold, but I'm having some difficulty actually gaining access to the box.

  • Any tips on getting R* was able to get user but kind of stuck on where to go from here.

  • Finally rooted. Thanks for the hints. I found the initial shell the hardest part for me

  • Rooted, can anyone PM me telling why this box is named Postman?

  • Initial; Scan all ports, make sure you know what the service is and if there's any way to get access by using it, there's tons of material online. Also, keep notes of unavailable exploits(those that require creds) even though they don't work now, it might work later on.
    User; Read the history, you will need to locate something that can help you.
    Root; Once you got user, go back to your notes and see what was available exploits you can use, since you already have the creds, figure it out

    v1ew-s0urce.flv
  • Spoiler Removed

    Huejash0le

  • I've enjoyed the machine very much.

    The initial foothold was a little bit frustrating, due to the huge amount of reset requests.

    User was fun :)
    Root was straightforward and very easy.

  • is there a need to use sys ***. ex ** no re ** s?
    even using Re ** Ro *** If ** in interactive mode, I can't run sys ***. ex ***

    PM please!

  • Rooted! thanks for all the Nudges!

  • edited November 2019

    Am I the only one can't found script to exploit h++p based b+++er o+++f+++ of r+++s ? Damn!
    I figure out the vulnerability is CVE-2019-101++ but now I don't know what can I do, if it's right way... Any hint for me, please? :-(

  • Who was able to use the r**** un** exec module in msf for the user part?

    I have rooted the system
Sign In to comment.