Postman

Type your comment> @Reigada said:

Can someone PM ME?

I am trying to ssh as the user after using john successfully. I keep getting connection closed by xxx port 22. Is this normal?

Check the content of sshd_config.

Mmkay. I need a nudge. I have found the ports and services I should be looking at. Found the webmin page. I can connect using r****-c** to the appropriate port. It seems to make this particular exploit work I would need a valid username.

So I think that’s where I am failing. Can I assume I need to enumerate further to uncover this information? If so (or not) would someone mind giving me a push in the direction.

Thanks!

Hello anyone can give me a nudge! already got the shell via r*** and i’m sure i have to find a .ba* file but i don’t know where to search for that.

Anyone else finding/found this box really tempremental?..Exact same process sometimes successful and sometimes not…or is it just me?

Type your comment> @ByteM3 said:

Anyone else finding/found this box really tempremental?..Exact same process sometimes successful and sometimes not…or is it just me?

if your talking abt getting into r**** . its because everyone is running the exact same script and overwriting everyone else using that script.

anyone can help me with root?

@pjnrodrigues said:
anyone can help me with root?

Machine is rated with CVE
Why dont u find one??

Type your comment> @pjnrodrigues said:

anyone can help me with root?

IF you find your first approach looking at the middle ages… try to listen and LEARN what the elders have to tell you…

Spoiler Removed

I think I need a nudge… I ran Nikto, scanned all for nmap. Found the post man login page. I attempted to use r***s however whenever i try to set the keys in the db i get a permissions denied error. I am at a loss now.

Really great box, rooted it and me and a friend sat down and wrote up a way to exploit wn without using m***t. Just b and mv needed (with a valid login ofc). My first ever submission to the exploit-db and we’re really happy it worked!

if your talking abt getting into r**** . its because everyone is running the exact same script and overwriting everyone else using that script.

The best thing to do is write a 1liner that does the whole script and login at once, if done right you get access and keep it even if the file is overwritten.

The best thing to do is write a 1liner that does the whole script and login at once, if done right you get access and keep it even if the file is overwritten.

…Fair one. I’ll have to give it a go tomorrow.

can anyone DM some hints about the type of enumeration I should try doing? I have performed basic scans and vulnerability scans but am not seeing the service mentioned here. help would be appreciated!

No way if people still typing “flushall”

9 time in last 10 minutes, all from the same ip. That’s nice

I think I might implode with how this is getting flushed…

finally rooted, thankyou to @FoX01 @kenahack @mctheem and @KillerTShell. No doubt to PM me for help!

Anyone willing to nudge me please? Got foothold with user r**** and lost at this point

Thank you @JadeWolf for the nudge