Postman

Initial; Scan all ports, make sure you know what the service is and if there’s any way to get access by using it, there’s tons of material online. Also, keep notes of unavailable exploits(those that require creds) even though they don’t work now, it might work later on.
User; Read the history, you will need to locate something that can help you.
Root; Once you got user, go back to your notes and see what was available exploits you can use, since you already have the creds, figure it out

Spoiler Removed

I’ve enjoyed the machine very much.

The initial foothold was a little bit frustrating, due to the huge amount of reset requests.

User was fun :slight_smile:
Root was straightforward and very easy.

Rooted

is there a need to use sys ***. ex ** no re ** s?
even using Re ** Ro *** If ** in interactive mode, I can’t run sys ***. ex ***

PM please!

Rooted! thanks for all the Nudges!

Am I the only one can’t found script to exploit h++p based b+++er o+++f+++ of r+++s ? ■■■■!
I figure out the vulnerability is CVE-2019-101++ but now I don’t know what can I do, if it’s right way… Any hint for me, please? :frowning:

Who was able to use the r**** un** exec module in msf for the user part?

I have rooted the system

@jasperonio said:
Am I the only one can’t found script to exploit h++p based b+++er o+++f+++ of r+++s ? ■■■■!
I figure out the vulnerability is CVE-2019-101++ but now I don’t know what can I do, if it’s right way… Any hint for me, please? :frowning:

Pm me whats your direction

Rooted the box, learned a lot. Thanks to @TheCyberGeek.

Hints:
Everything on this forum is already enough but sharing my part.

Foothold: Do not waste time on regular port, stick to rs, get the script fine tune it and you are in.
User: Do very basic enum and you will get the juicy file just give it to john as he loves juicy things.
Root: You will need to use m
*****t get the right exploit that you found on higher port run it and you are done.

Hope this does not become spoiler :wink:

Thanks for the box! Played with some services I’ve never had occasion to. Cheers.

Got user. On the way to root.

Rooted :). Learned many things that I don’t know completely. Thank you @TheCyberGeek.
Thank you @H3x3D @verdienansein @kkaz @Warlord711 @trollzorftw for hints.

Getting user is more difficult than root.
As said, root is straight forward. Use what you have.

Type your comment> @Flikk said:

Rooted. There are enough hints to get through everything here, but feel free to PM me if needed.

how do get initial shell?

Got user and root. First HTB box. Enumerate, be patient, and stick with it.

Type your comment> @emp1 said:

is there a need to use sys ***. ex ** no re ** s?
even using Re ** Ro *** If ** in interactive mode, I can’t run sys ***. ex ***

PM please!

There is no need to use that command, search for re**s exploit and just follow the instructions step by step.

Type your comment> @ju5tn0w103nt6y said:

Type your comment> @Flikk said:

Rooted. There are enough hints to get through everything here, but feel free to PM me if needed.

how do get initial shell?

Nmap scan for the ports between 1 and 10,000 as someone already suggested in the forums before.

I am studying for the OSCP and I have just rooted this box. If anyone was able to get root without the “tool that makes it easy”. Please send me a message. I am trying to find a way to do it but I am not too sure how to go about it.

Thanks,

can anyone pm i am justing starting can i get some suggestions regarding vulnerability scanner i have found r***s but can’t able to do more than that

can anyone pm i am justing starting can i get some suggestions regarding vulnerability scanner i have found r***s but can’t able to do more than that