Postman

I have troubles with getting user, i found i*_**a.b*k i assuming I have to use that file to findout password and I dont know if I doing something wrong because it takes ages and didnt get any resoult or it isnt correct way. Any hint would be appreciated

I have found the service and also the exploit for r****. (two of them one manual one and one RB script for ms) but both of them fail.

Can maybe someone help me out?

Im stuck trying to get user flag. I got the low privileged shell rs, found ssh priv key, and cracked its passprhase, but I fail to get ssh shell with user Mt, always connection closed.
I got uset credentials to w
***n service but no idea how to take advantage to get a more priveleged shell.
Please PM

Done :slight_smile: Thanks for nice machine @TheCyberGeek

rooted, but 12 hours too late. Had I got it lastnight before Jarvis was removed I’d be a hacker Sniff Sniff

Learned a few things, one of which was ssh keys don’t always have to be where I thought they did

pm if you need a nudge

Rooted. It was a nice box.

This is my second box and I am trying to get root, I have a few ideas but some trouble with em. Please PM me a nudge if you can :slight_smile:

EDIT: Got root in 5 minutes, for some reason what I tried to do last night didn’t work until this morning. feel free to DM me if you need a nudge :slight_smile:

Nice box just rooted. Anyone rooted the box without using the msf module pm me. I get disconnected when tried using the gui for higher port.

Type your comment> @Dinesh42 said:

Got user access @M**t

YOU GAVE AWAYYYY i had low shell and M**t and THE PAssword for matt but you gave away!! :frowning: nvm…

gg tho

Rooted !!
Hints in the forum are more than enough to get yourself going. If any problem don’t stop yourself from DM :slight_smile:

need hint for user

12 hours and finally got root. R—s was pretty new to me and was quite the learning curve.

Tips:

Foothold:
0. READ and RE READ all the messages in this thread, there are a lot of useful nuggets.

  1. KISS. Yes to get a foothold you will need to implement a technique which is hinted at throughout this thread… however, if you find yourself not being able to use s----m-e–c (or anything similar), as well has M----E L–D; you may not be a strong follower of K.I.S.S

Pwn User:
0. Ditto Foothold, regarding keeping it simple.

  1. Pentesting follows a set of steps. As mentioned elsewhere on this thread, a detailed search of what you have available can save a lot time. Note: this is just good general advise, and is intended as such, the fact it may or may not apply here, just shows how good this general advise really is. Again K.I.S.S.

Pop the box (owning root)
0. Ditto and Ditto

  1. By this point the path forward should seem clear, again take stock of assets and make sure you do not forget about the other elephant in the room.

Any box that gives me the chance to learn things I did not know prior to starting is a good box. Thank you to the creator for putting this fun little project together.

@c1cada hey man i rooted in 1 hours. the whole machine but there one issue! i think i did unintended wanna share how you rooted…

Spoiler Removed

someone plz pm me i am stuck in user need of help for privilege escalation??

I got creds for low user but not able to login anywhere, can anyone give a little push?

Type your comment> @cycl0ps said:

I got creds for low user but not able to login anywhere, can anyone give a little push?

Got in, I was messing with case. :smiley:

I’ve got access through r***s. I’ve discovered 4 potential attacks,

  1. webshell → not working (no write access)
  2. copy ss*-related file in home dir → not working (no access)
  3. inject cronjob → not working (no access)
  4. Master/Slave exec payload → not working (missing command MOD***)
    what i’m missing? is it one of the 4 options i discovered?
    Option 4 seemed the most promising to me. Ive worked through this thread, but as it seems i dont understand the breadcrumbs at all.

This is my first box. Managed to get user, but stuck getting root. Have been trying exploits in m*f on w***** with user credentials but unable to get a session. Would be grateful for a PM with any hints/nudges.

Got it! Overlooked an option. Thanks to @usernamestaken and @Lucyn .

ssh -i id_rsa r****@10.10.10.160
r****@10.10.10.160’s password:
Permission denied, please try again.
anyone can help? i input correctly but i can’t login