Postman

rooted

PM me for help.

Pretty easy box. When i was waiting for user, i eventually got root lol.

User (or initial shell): do you see something new in your scan? A pretty nice time to google about it, isn’t it? Hint: as mentioned above, don’t change the dir

Root: simpler than 2, 3, 5, 7 and 11. I even didn’t use LinEnum. Connection closed? Maybe you are not welcome to come through this door? But every house has windows…

PM if you completely lost :wink:

can someone please tell me where i can read up on using ssh2john.py
never mind found it!

Hi all! I am stuck in ris. i noticed that here is no MO*E command, so exploits didnt work, drop some key file in some directory isnt work for me (idk, is it working at all). i think i can do something with LUA scripting here, but no luck. Help, i need somebody, help… :smiley:

This is my first attempt to hack the box after 2 weeks of learning.
The box is rooted thanks to a great community, you are the best guys!

Rooted! Fun box. Learn a lot through user!! PM if you need some help!

I am root! :stuck_out_tongue: Certainly an enjoyable box. I found the initial foothold to be a very good learning experience. :slight_smile:

My hints.

User:

1º The obvious exploit is not going to work.

2º Read articles about the vulnerability, and you will find an alternative approach. There are tons of articles about it.

3º Once you do your research, remember that not all home directories fall under home.

4º Play with a client tool to get additional information.

5º Prepare your attack, and get in.

Root:

1º Go back to your initial enumeration.

2º Don’t overthink. Root is easy.

@TheCyberGeek , thank you for the box.

Rooted! thanks people from HTB for all the hints!
fun box for beginners… like me ?

Just got root!

Thanks to @TheCyberGeek for the box.

PM if you’re stuck.

i found the i*_**.**k and i try to john with rockyou and no luck, did i miss somthing ?

Am I the only one that is having extreme trouble getting the initial shell?

When I run the script, it will display “ERR changing directory permission denied” then prompt for a password…

Anyone else have this issue? I tried my s**_config file but no luck…

@ghsi10 said:
i found the i*_**.**k and i try to john with rockyou and no luck, did i miss somthing ?

Have you converted it to the proper format? It should work with rockyou

@MalwareMonkey said:
Am I the only one that is having extreme trouble getting the initial shell?

When I run the script, it will display “ERR changing directory permission denied” then prompt for a password…

Anyone else have this issue? I tried my s**_config file but no luck…

I suppose you are trying your attack in the root directory.

Search for another directory where your attack would work.

Rooted. There are enough hints to get through everything here, but feel free to PM me if needed.

Rooted! Went straight from initial foothold → root. Wouldn’t mind someone talking me through the way they accessed user though. PM for hints!

Yesterday I have rooted the machine after struggling quite a lot on initial foothold. Thanks @tnorris for grabbing me out of a deep rabbit hole :).

The machine is easy, but it’s prone to errors. There is one service which is totally unused (at least for me), which someone might overthink and get lost into. Also the way to get foothold is a bit confusing as well (why s** configuration should be like that?) and mostly is very prone to pollution between users. You don’t need to change almost anything to exploit r*, but before you get to know that, it is very likely you will try.

Anyway, as all the machines where you struggle, I learned and was prompted to dig more into r*, so it was a learning experience. Thanks @TheCyberGeek !

Rooted!

User: Not the most complicated but you can get confused at some point.
Pm me if you need hints

Root: Really easy

Sometimes I try to do things and it just doesn’t work out the way I wanted to. And I get real frustrated.

Rooted!

Thanks @TheCyberGeek for the interesting box. I’m still rather new to this so there was plenty for me to learn and it reminded me of how its important to enumerate enumerate enumerate before digging deep down the wrong hole.

Initial shell keeps dropping on public server. so annoying. Is anyone else facing the same problem?