Postman

Rooted

Rooted. Actually another good chance too improve my skills.

Just got root!

If need help you can ask on pm!

Can’t exploit r***s to login, can somebody dm?

Exploit completed, but no session was created.
and
READONLY You can’t write against a read only slave.

“Is not enabled” why??

I am at root stage. Keep hearing it is easy…is it because people are using metasploit. is there a manual way.

hi, i am trying to get the r*s exploit within m running, but it doesnt seem to work. do I need to tinker something to get this working. If yes i would appreciate assistance as I’m new to this. just pls pm me. thx

Struggling to get a m********* exploit working against w*****… I assume I need to change a path, but my original way of getting in via r**** isn’t working… did something change?

I could use a hint on root if anyone is around.

Hello Guys, I need some help. I can connect to r* and i can upload my id to /v*///.*

But every time I try to s* as r* I’m asked something i shouldn’t been asked when showing the other part of my id.

Rooted. Not sure what was going on, but an exploit I’ve tried a dozen times suddenly worked…

Also the r**** exploit started working again… glad to be finished with this finicky box.

For initial shell: How are you supposed to figure out that user r***s exists on the machine?

Type your comment> @Yannis said:

For initial shell: How are you supposed to figure out that user r***s exists on the machine?

with limited shell? I know one way but it gives me permission denied …and possible other way, I’m not sure if it verifies that it exist. If it does exist, with this limit shell, I am unable to get a dir listing or anything to work.

I have the r…s user and M… user and now I think I have found a loginpage at 10.10.10.160:xxxxx but I just can’t access this page. 10.10.10.160 website works just fine, but not the loginpage. Should I be able to access this page ?

My first rooted box on HTB …DM for ant help

Ok, got user and root, without m********t…
Some tipps&tricks:

Foothold:
Play around and google. There are different(!) ways to get in (don’t go for copy&paste exploits… won’t work :P), BUT as everyone is messing like stupid with automated tools (it is more efficient btw to do it manually…) the box is heavily stressed and flipping around.
As soon as you get in, try to automate it. You do not need some kind of vuln frameworks, a simple bash script is enough to get the low priv shell in. I had to repeat the execution of the script sometimes up to 15 minutes(yes, I used delays :D) until I got in again because ppl were messing with the box. So don’t give up ^^

user:
Now you’re inside, explore what you get. iterate through all files you can open, abuse them and use some basic Linux commands.

root:
my internet sucks, I wouldn’t be able to download bigger frameworks for automation in less than many hours…so back2roots.
Look what you get beside on other ports, get in and play around.
github + chrome/curl was enough to get root.
(now automated with few lines bash)

tldr:
use your brain, frameworks will fail.
“READONLY” and similar messages popping up because ppl try stuff, read the docs for the application to know how to help yourself or wait some minutes until the box had some (soft?) reset on that and is working again. It can be super annoying…I know
Write your findings into a script to have one command to get into in, as its annoying otherwise to execute over and over again the same.

Feedback:
It was my first box on HTB and it was quite funny. I learned here and there some stuff, mainly to be patient because many persons here are messing around with the box which lets it sometimes in a weird state for a couple of minutes. This was from time to time really frustrating ^^
But overall, thanks @TheCyberGeek for this box, I really enjoyed it overall :slight_smile:

(I tried to keep it vague but if it already too much spoiler pls lock the post :))

guys i need some help :frowning:
i’m stuck with the module load and this stuff, hints please

Type your comment> @outisx said:

guys i need some help :frowning:
i’m stuck with the module load and this stuff, hints please

wrong exploit…

rooted with m********t . All hints are on this forum.

can someone nudge me in the right way to enumerate the user so i can use r***s to drop my ssh keys? i just cant find the right directory to drop them in.

Any tips on enumerating users? cannot be certain if it can be done through r****-i or not! I think not, so s needs a user, is cli*** s*****e command (r****-**i command).

I think I’m over complicating things?! Any nudges?