Postman

Anyone have any nudges for user? I found something for the user, but the config is blocking connections from them (unless that’s the problem to solve?). I also found a certain script owned by the same user, but not sure if that’s a rabbit hole.

EDIT: Nevermind, managed to get user.

Why w***** shutdowns sometimes ?..

Stuck on user. I’m not sure if r**** is the way to go as the exploit isn’t working, found the script. Need a nudge

rooted nothing learned

Found a i*_r**.bak. Is right for User?

Type your comment> @verdienansein said:

Found a i*_r**.bak. Is right for User?

yup you are on the right path. :slight_smile:

learned a few things about R*dis :slight_smile:

I don’t know why the MOULE command was not available @ Rdis v4.. but this is the reason why the obvious [M] exploit wasn’t working!

Initial foothold may not work @ the first few tries

P.M for hints friends!

Type your comment> @Icyb3r said:

Type your comment> @verdienansein said:

Found a i*_r**.bak. Is right for User?

yup you are on the right path. :slight_smile:

rockyou is enough to solve this part?

Type your comment> @q1Z said:

Type your comment> @Icyb3r said:

Type your comment> @verdienansein said:

Found a i*_r**.bak. Is right for User?

yup you are on the right path. :slight_smile:

rockyou is enough to solve this part?

tried r****u → nope
tried c
l on web + some rules… → nope

Type your comment> @q1Z said:

Type your comment> @Icyb3r said:

Type your comment> @verdienansein said:

Found a i*_r**.bak. Is right for User?

yup you are on the right path. :slight_smile:

rockyou is enough to solve this part?

It works.

Type your comment> @MrW0l05zyn said:

Type your comment> @q1Z said:

Type your comment> @Icyb3r said:

Type your comment> @verdienansein said:

Found a i*_r**.bak. Is right for User?

yup you are on the right path. :slight_smile:

rockyou is enough to solve this part?

It works.

you are right… just an old john version…

Rooted

Rooted! It is nice for me to always know and learn from a new service. Also reinforce once again the importance of hardening the configuration of these at the time of installation.

Private message if you need help with “Postman”.

Got User. Now going for root!

rooted in 5 mins after user, too easy

Rooted. Root part was way too easy.
Btw, why was it named Postman?

rooted :slight_smile: thx for the hints @MrW0l05zyn & @trollzorftw

Rooted :).

Not a very interesting box tbh. PM me if needed !

Rooted. The initial step wasn’t difficult but a bit confusing if you’re not too familiar with R*d**. The privilege escalation part was a bit too easy for my liking. I’m sure it might hold some value for beginners. If you need help PM me.

Not the best box here, but whatever. I guess the first step could be messy on public…
I got root before user, not really sure if I missed something obvious.