Postman

Been bangin my head against this box all day, could use a nudge if someone wouldn’t mind.
I’ve gotten the been using what I think is the right exploit but cant seem to get it to work correctly.

Type your comment> @SolAngelus said:

Been bangin my head against this box all day, could use a nudge if someone wouldn’t mind.
I’ve gotten the been using what I think is the right exploit but cant seem to get it to work correctly.

I hope this isnt too much, but to get initial shell I found a script that I had to change for the user. Think about where you will land based on what you can enumerate using Re***-**i. Then update the script to match what you find.

I hope that helps

For msmodule and root is there anything special that needs to be done or just update user/password and vh***?

So, to get root after you have M*** do you have to exploit W**** and the pa******_c***** to change the pass?

I’m self learning pen testing and honestly lol user wasn’t that bad but I’m totally lost even with the hints. A lot of CVE out there but most don’t work because something isn’t installed and or I’m just hitting the wrong targets maybe?

Pm with a tip?

new to HTB and need a hint or nudge on what to do with r****-c** exploit. I read up on documentation and have been trying to understand the r**** exploit but I can’t seem to get a s** sh*** or any k** to work for me. IF anyone has helpful nudges or tips for a newbie please pm or comment!

This was my first box. Ended up doing the r****-c** stuff manually, so there was a lot of interesting things to learn there. :slight_smile: I had a ton of issues getting root the easy way… but it all boiled down to a typo on my part.

Well that was interesting! I guess the first time I got into the machine someone had already exploited the r**** so it was a walk in the park lol. It got reset and I got to educate myself on fixing that little problem :stuck_out_tongue: lol but still stuck between User / Root.

!!! :smiley:

root@Postman:~# id
uid=0(root) gid=0(root) groups=0(root)

First live one. Thanks for the hints everyone!

rooted! what a fun box. Thanks to people for hints. Really enjoyed this box.

Type your comment> @popcorn said:

Ok, I got user. I think the problem I had was I was trying to do the box while others were on the box at the same time. It’s really frustrating but I tried. Thanks to the people giving out clues on this forum. It really helped. I going to now read hints to root and try to root it.

i have got a user shell but i don’t know how to get user flag… i am trying a lot what should i do…

Type your comment> @clubby789 said:

5 minutes to go, everyone ready?

@clubby789 said:
5 minutes to go, everyone ready?

i have got a user shell, i am trying a lot to find a user flag but i cant what should i focus on … if anyone can help me pls help me

@clubby789 said:
Low privelige shell got, let’s see what’s next…

can someone help me i got stuck in r****-**i

Type your comment> @noi said:

Just got root!

If need help you can ask on pm!

help me… i have got a i***.b** file what should i do now

rooted, nice machine!

Pm for help

Hey.
  This is my first box on hackthebox.
  I’ve been trying to get through it for a long time. My efforts led me to a standstill.
 I find r**** port. Started looking for exploits. M***t found 4 exploits, only one worked. He returned the info. On the Internet, I found an exploit for the r**** r**** s. When starting, an error occurs - an unknown Module.
  He began to search further. Found a shell script. It should load the ssh key. Not working in my case. I get an error - the password is incorrect. I need help, help whoever can.

I am new to Rs and am struggling to get the uname and pwd for the W** enumeration. Some help would be appreciated.

Rooted.
PM with where you are stuck for hints.

i just got in via r**** but now i cant reconnect? was able to get the i*.rb and then get its passphrase, but then when that works i get “Connection closed by 10.10.10.160 port 22”

Rooted.
Nice box.
User → study how redis user is located in the box
Root → simple exploit
Nice box!