Postman

Type your comment> @yyhh01 said:

And yes i can see your IP…

wanna see my PP ?

well i got user. but i think its just because one of you dirty hackers left your droppings in /tmp >,<

Got root! But I skipped user, can someone explain me in pm how to gain user from r***s without going straight to root? Thanks :slight_smile:

nice box
Finally rooted
I would say thanks to iamnobody and Chantal2019 for nudges

root@Postman:~# date;hostname;whoami
Wed Nov 13 11:36:58 GMT 2019
Postman
root
root@Postman:~#

Spoiler Removed

managed to get root, thanks @MrPennybag and @sqw3Egl for the nudge on foothold!

Looking for some help, I can’t get john to crack i*_*.b
used ***2john.py and rockyou and still nothing.

Type your comment> @strix553 said:

Looking for some help, I can’t get john to crack i*_*.b
used ***2john.py and rockyou and still nothing.

Same :frowning:
edit: just my curly hands thx @bumika & rooted

Interesting. PM me, and I try to help you.

Hi guys, someone can give me some hints about the initial user enumaration? I’m on the right way (i guess) but i can’t figure out how to find the right user to exploit the r**** shell.

Could anyone help me with Postman machine ?
In the begining…I’m stucked with Webmin page, and i don’t know what i need to didIf you can’t understand me, could you talk me ?
I’m brazilian, and i don’t wanna use translate. I need traine my english and my hacking skills LOL

Well that was embarrassing, trying to open a door with the key the wrong way around - ■■■■!

User + Root = Root Dance!!!

Shout out to @dnperfors for the nudge - thank you.

Can someone PM ME?

I am trying to ssh as the user after using john successfully. I keep getting connection closed by xxx port 22. Is this normal?

Type your comment> @Reigada said:

Can someone PM ME?

I am trying to ssh as the user after using john successfully. I keep getting connection closed by xxx port 22. Is this normal?

Check the content of sshd_config.

Mmkay. I need a nudge. I have found the ports and services I should be looking at. Found the webmin page. I can connect using r****-c** to the appropriate port. It seems to make this particular exploit work I would need a valid username.

So I think that’s where I am failing. Can I assume I need to enumerate further to uncover this information? If so (or not) would someone mind giving me a push in the direction.

Thanks!

Hello anyone can give me a nudge! already got the shell via r*** and i’m sure i have to find a .ba* file but i don’t know where to search for that.

Anyone else finding/found this box really tempremental?..Exact same process sometimes successful and sometimes not…or is it just me?

Type your comment> @ByteM3 said:

Anyone else finding/found this box really tempremental?..Exact same process sometimes successful and sometimes not…or is it just me?

if your talking abt getting into r**** . its because everyone is running the exact same script and overwriting everyone else using that script.

anyone can help me with root?

@pjnrodrigues said:
anyone can help me with root?

Machine is rated with CVE
Why dont u find one??