Postman

2456728

Comments

  • Type your comment> @MonocleHat said:

    Type your comment> @Crashie said:

    Type your comment> @MonocleHat said:

    Ok so slight update:
    One exploit i tried apparently worked, but...theres no session that was created :/

    haha me too, i got a little excited when i saw the exploit going green, then showing a "no session created" kinda bummed me out xD

    We shall try harder :)

    I need another box to rank up ;-;

    omg me too (i think), but try harder :')

  • Stats: 0:46:53 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 3.45% done; ETC: 16:03 (21:52:21 remaining)

    It's just insane. a little nudge that will help to narrow down port list will be greatly appreciated

  • Ok! Owned it. Must say that I learned something new too.
    Bit of a strange feeling compared to being stuck on forest for days (and counting).
    Easy machine? Can't say, but more in line with my current skills.
    DM for nudges if you are stuck, because there's good karma in that and I will need it in the future here.
    (Even though it is a bit early to say that you are really stuck already now. ;) )

  • @olsv said:

    Stats: 0:46:53 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
    SYN Stealth Scan Timing: About 3.45% done; ETC: 16:03 (21:52:21 remaining)

    It's just insane. a little nudge that will help to narrow down port list will be greatly appreciated

    All the ports on the box are withing the range 1-10000, if that helps. You could try using masscan as well

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • There is a very good book called: Kali Linux - An Ethical Hacker's Cookbook is Great, good luck guys

  • edited November 2019

    Nice machine !
    For USER: Read the basic cheat sheets on the service you want to exploit, then fix your script. Then move "lateral" to the other user.
    ROOT: As said, you know are able to use an exploit that you couldn't use before.

    image

  • Rooted after fighting with unresponsive login page for about 1 hour.

    Tip: Never bruteforce login pages ! That's almost never the answer, and on top of that, you are ruining the box for other people.

    If you need tips you can PM me with your progress

    trollzorftw

  • here cause i'm waiting ports to work grrrrrr

  • Rooted! big thanks to the people on the forum!

    Pm if you need a nudge

  • Foothold: Look up high, find a guiding red star and exploit it semi-manually. By which I mean don't blindly rely on exploit scripts (they won't work).
    User: Lateral movement + standard enumeration
    Root: Go back to the start and find another way in. :)

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • Hi can help me I am stuck at msfvenom for 1.91x
  • Type your comment> @ZeWanderer said:
    > Type your comment> @j3wker said:
    >
    > (Quote)
    > How did you get low priv shell? My R***** and W***** exploits keep failing

    I did not use an exploit but read on the vuln and used r****-cli

    Apt-get install r****-t***
  • Type your comment> @Dark0 said:
    > There is a very good book called: Kali Linux - An Ethical Hacker's Cookbook is Great, good luck guys

    That lead me to a later article ;) very well written that explain the vuln you seek and the method you wish 😂
  • I found python script, prompt me a shell with seconds anyone managed to access using that script.

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • edited November 2019

    Rooted it yesterday - dunno what to tell you its basically a worthless machine - didn't learn anything.
    Followed a CVE and then enumerated it to get root - that's it.
    I also think its the best hint i can give you without spoiling

  • Guys anyone can help for user, I have low priv shell, found SimHS*****.p* is this a right path or just rabbit hole?

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • *Spoiler Removed*
  • edited November 2019

    Spoiler Removed

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • Type your comment> @Icyb3r said:

    Guys anyone can help for user, I have low priv shell, found SimHS*****.p* is this a right path or just rabbit hole?

    Enumerate more

    trollzorftw

  • Please STOP changing the config dir, the default is fine.

    For asking help, please describe what you have tried so far, so i don't spoil too much.
    If you believe i was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • Type your comment> @tang0 said:

    Please STOP changing the config dir, the default is fine.

    though I liked this machine on the whole, it would be better if the r**** config/data got reset automatically every X minutes. I had to reset the box to get it back to the original settings. also other people leaving stuff behind ruins the experience a bit...

  • Rooted, Thanks @TheCyberGeek for the box.

    PMs welcome, but dont forget to mention your current standing. :)
  • Why is it that, sometimes I try using *****-cl*, it says it's in Read-only. Yet sometimes it works...

  • Type your comment> @Icyb3r said:
    > Spoiler Removed

    Sorry for that 🙃

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • Type your comment> @requiem said:

    Why is it that, sometimes I try using *****-cl*, it says it's in Read-only. Yet sometimes it works...

    It's happening to me too.. Dunno if someone is messing with the box.

    Hack The Box

  • Type your comment> @tang0 said:

    Please STOP changing the config dir, the default is fine.

    This statement is not 100% correct

  • Type your comment> @verdienansein said:

    Type your comment> @requiem said:

    Why is it that, sometimes I try using *****-cl*, it says it's in Read-only. Yet sometimes it works...

    It's happening to me too.. Dunno if someone is messing with the box.

    So I got that too, but the good news is that you can me it RW. Have a look in the config.

    SIG

  • Any hints for how to get SSH as M******* ? I am stack past the R***** shell

    SIG

  • edited November 2019

    So, is Si****H**********r.py just a rabbit hole for user?

    Hack The Box

Sign In to comment.