Postman

Type your comment> @ByteM3 said:

Anyone else finding/found this box really tempremental?..Exact same process sometimes successful and sometimes not…or is it just me?

if your talking abt getting into r**** . its because everyone is running the exact same script and overwriting everyone else using that script.

anyone can help me with root?

@pjnrodrigues said:
anyone can help me with root?

Machine is rated with CVE
Why dont u find one??

Type your comment> @pjnrodrigues said:

anyone can help me with root?

IF you find your first approach looking at the middle ages… try to listen and LEARN what the elders have to tell you…

Spoiler Removed

I think I need a nudge… I ran Nikto, scanned all for nmap. Found the post man login page. I attempted to use r***s however whenever i try to set the keys in the db i get a permissions denied error. I am at a loss now.

Really great box, rooted it and me and a friend sat down and wrote up a way to exploit wn without using m***t. Just b and mv needed (with a valid login ofc). My first ever submission to the exploit-db and we’re really happy it worked!

if your talking abt getting into r**** . its because everyone is running the exact same script and overwriting everyone else using that script.

The best thing to do is write a 1liner that does the whole script and login at once, if done right you get access and keep it even if the file is overwritten.

The best thing to do is write a 1liner that does the whole script and login at once, if done right you get access and keep it even if the file is overwritten.

…Fair one. I’ll have to give it a go tomorrow.

can anyone DM some hints about the type of enumeration I should try doing? I have performed basic scans and vulnerability scans but am not seeing the service mentioned here. help would be appreciated!

No way if people still typing “flushall”

9 time in last 10 minutes, all from the same ip. That’s nice

I think I might implode with how this is getting flushed…

finally rooted, thankyou to @FoX01 @kenahack @mctheem and @KillerTShell. No doubt to PM me for help!

Anyone willing to nudge me please? Got foothold with user r**** and lost at this point

Thank you @JadeWolf for the nudge

■■■, it took me ages to get root.
I was on the right path for hours, turns out the exploit was failing, had to modify manually to get it working *facepalm

Rooted, fun box, learnt a lot about thing’s I’ve not seen before! Thanks @TheCyberGeek

My tips are keep trying but don’t get stuck on one method, there’s a few ways of getting the first shell that won’t work.
For user: find the interesting file and find what you can do with it.
For root: CVE

Rooted! Thank you @rholas for tips!

Can’t seem to find w*n or r in my enumeration. Can someone PM me? This is only my second box.