Postman

Rooted! Thanks to all for the help! I enjoyed learning about the services on this box. Thanks for providing it, @TheCyberGeek!

Rooted,thanks for who helped me.
PM me if you need hint
YaSsInE

I got access with r… user and found the i._…k file.
I have used ssh2john to move it to hash and john to find the passphrase…I got a match with c…8 but connection get closed…for sure I do something wrong, but what?

Type your comment> @garbo77 said:

I got access with r… user and found the i._…k file.
I have used ssh2john to move it to hash and john to find the passphrase…I got a match with c…8 but connection get closed…for sure I do something wrong, but what?

In which directory user.txt is saved? Think and check users.

I try to connect it with my rce py it get connection time out I use 10.10.10.160

Type your comment> @Pratik said:

Type your comment> @garbo77 said:

I got access with r… user and found the i._…k file.
I have used ssh2john to move it to hash and john to find the passphrase…I got a match with c…8 but connection get closed…for sure I do something wrong, but what?

In which directory user.txt is saved? Think and check users.

rooted…enumerate enumerate enumerate :slight_smile:

I am trying to sync redis slave to master but it does not seem to work. Any nudge?

Type your comment> @garbo77 said:

rooted…enumerate enumerate enumerate :slight_smile:

PM me? I don’t understand why I’m getting connection closed.

Type your comment> @garbo77 said:

I got access with r… user and found the i._…k file.
I have used ssh2john to move it to hash and john to find the passphrase…I got a match with c…8 but connection get closed…for sure I do something wrong, but what?

I’m exactly in the same point…

spoiler removed

If you see “connection get closed” then try the password you found elsewhere.

@LoRKa said:

Rooted. The box is quite easy although you can always learn something.
There are too many hints in the forum to solve this.
Something that I have found curious is to see how the author has left all .bash_history with his commands.

Enjoy friends!

:smiley: OOPS! That should of definatly not been left behind! I guess we all make mistakes XD

@thr33per @n4v1n @0X44696F21 Thanks for your kind words! I’m glad you all enjoyed it!

I’have some errors on remote “r***” (for first shell) but not in my local instance is a normal behavior ? .

Rooted. The user was way harder than root.
I got the root in 5 minutes after root ( research included )
If you need some hints feel free to PM me.

Special thanks to @PinkDraconian who helped me in the process :smiley:

need hint for root pls dm me

Type your comment> @ethicalkiller said:

need hint for root pls dm me

Use information from your initial recon, you’ll know where to go next.

I’ve got r**s user. I don’t know how to use the i_**a.bak file to proceed. Any help would be awesome.

Thanks @TheCyberGeek. Was indeed an easy one. Did go directly to root, with information found in shell via r*.

User: Go through r* to get the key and use the pass.
Root: CVE

can i get the user the same way i got on the box?

EDIT: I should just read the post above…

Relatively easy, but made me realize that i still dont have a routine and i fall for rabbitholes. I still think it was entertaining and actually rating is spot on.