Postman

Any tips on enumerating users? cannot be certain if it can be done through r****-i or not! I think not, so s needs a user, is cli*** s*****e command (r****-**i command).

I think I’m over complicating things?! Any nudges?

@salt said:

Any tips on enumerating users? cannot be certain if it can be done through r****-i or not! I think not, so s needs a user, is cli*** s*****e command (r****-**i command).

I think I’m over complicating things?! Any nudges?

r****-**i is the right way

@0xbadbac0n said:

@salt said:

Any tips on enumerating users? cannot be certain if it can be done through r****-i or not! I think not, so s needs a user, is cli*** s*****e command (r****-**i command).

I think I’m over complicating things?! Any nudges?

r****-**i is the right way

Thanks! Will it enumerate users, or should I create the s** user and get it?

Just rooted the box. Honestly, if you are not familiar with Rs it can be difficult. That took the longest. Once I got user I got root in about 10 minutes. Hint would be: if something does not work how it should, look to see if you can do it another way. Once you are in, check your scan results again and see if you can find any more vulnerabilities for root. Thanks to @noi, @Lycist, and @s0clyst for the hints on Rs.

Rooted, fun box.

Rooted! Feel free to contact me for hints :)

User & root owned. I would recommend this box to anybody starting out

Rooted. Feel free to ask for hints :)

Rooted! Good box for newbies. Thx @bumika
PM 4 hints.
Also, don’t forget about case sensitive…

@salt said:

@0xbadbac0n said:

@salt said:

Any tips on enumerating users? cannot be certain if it can be done through r****-i or not! I think not, so s needs a user, is cli*** s*****e command (r****-**i command).

I think I’m over complicating things?! Any nudges?

r****-**i is the right way

Thanks! Will it enumerate users, or should I create the s** user and get it?

np, the r**** user should be enough to get a low priv shell

Someone have some tips for initial user enumeration? Getting root is very obvious…

Just rooted 1st box thanks to @Franna and @S0clyst for the nudges. Message for a nudge.

Spoiler Removed

OK - revisiting this system, have user. Working on root, I think I have the correct exploit via CVE and git. However when using it, I get redirected to a Security Warning.

I am using the user’s c***** in B*** S****.

I have reset the system about half a dozen times to make sure the configs haven’t been changed. But sometimes the r****-c** exploit doesn’t work.

Am I on track here? (for root)

Hmm, so I tried to overwrite Axxxxxxxxxxxx but it doesn’t work. Is it supposed to work and I’m just getting unlucky?

I really went about this one backwards; rooted before I got user but I guess I was really focused on the path to root that I kept going?! idk. User just took me to think about how I could use what I already had and then… duh. Anyone else feel it was a lil crowded, or was it just my bad timing?
I thought it was a good box @TheCyberGeek

I finally got an initial foothold after a small hint in this thread tipped me off. And I’m now going after user. But I have to ask, how in the name of all that is good, do you manage to find that directory for that oddball config of **h? Can someone who did it on their own PM me, please, and explain the thought process. It would have been dumb luck for me to have found it. Much thanks in advance. Now on to user.

Hours later, got user and got root. Root was much easier. I liked this box. @TheCyberGeek thanks.

Rooted, PM nudges are welcome.

Rooted, I enjoyed this box. There are plenty of hints on here already. Also remember to check the box’s profile page via HTB to see what it consists of. The main point that pops out is it is heavily CVE related.

That said, you can PM me via discord for hints.

Thanks for the box. As a n00b, I appreciate the easier boxes, and I thought this one had some nice quirks to keep the obvious exploits from working. Also the password that doesn’t work where you think it does was a useful reminder to keep my options open.