Postman

new to HTB and need a hint or nudge on what to do with r****-c** exploit. I read up on documentation and have been trying to understand the r**** exploit but I can’t seem to get a s** sh*** or any k** to work for me. IF anyone has helpful nudges or tips for a newbie please pm or comment!

This was my first box. Ended up doing the r****-c** stuff manually, so there was a lot of interesting things to learn there. :slight_smile: I had a ton of issues getting root the easy way… but it all boiled down to a typo on my part.

Well that was interesting! I guess the first time I got into the machine someone had already exploited the r**** so it was a walk in the park lol. It got reset and I got to educate myself on fixing that little problem :stuck_out_tongue: lol but still stuck between User / Root.

!!! :smiley:

root@Postman:~# id
uid=0(root) gid=0(root) groups=0(root)

First live one. Thanks for the hints everyone!

rooted! what a fun box. Thanks to people for hints. Really enjoyed this box.

Type your comment> @popcorn said:

Ok, I got user. I think the problem I had was I was trying to do the box while others were on the box at the same time. It’s really frustrating but I tried. Thanks to the people giving out clues on this forum. It really helped. I going to now read hints to root and try to root it.

i have got a user shell but i don’t know how to get user flag… i am trying a lot what should i do…

Type your comment> @clubby789 said:

5 minutes to go, everyone ready?

@clubby789 said:
5 minutes to go, everyone ready?

i have got a user shell, i am trying a lot to find a user flag but i cant what should i focus on … if anyone can help me pls help me

@clubby789 said:
Low privelige shell got, let’s see what’s next…

can someone help me i got stuck in r****-**i

Type your comment> @noi said:

Just got root!

If need help you can ask on pm!

help me… i have got a i***.b** file what should i do now

rooted, nice machine!

Pm for help

Hey.
  This is my first box on hackthebox.
  I’ve been trying to get through it for a long time. My efforts led me to a standstill.
 I find r**** port. Started looking for exploits. M***t found 4 exploits, only one worked. He returned the info. On the Internet, I found an exploit for the r**** r**** s. When starting, an error occurs - an unknown Module.
  He began to search further. Found a shell script. It should load the ssh key. Not working in my case. I get an error - the password is incorrect. I need help, help whoever can.

I am new to Rs and am struggling to get the uname and pwd for the W** enumeration. Some help would be appreciated.

Rooted.
PM with where you are stuck for hints.

i just got in via r**** but now i cant reconnect? was able to get the i*.rb and then get its passphrase, but then when that works i get “Connection closed by 10.10.10.160 port 22”

Rooted.
Nice box.
User → study how redis user is located in the box
Root → simple exploit
Nice box!

@paidtheprice said:
i just got in via r**** but now i cant reconnect? was able to get the i.rb* and then get its passphrase, but then when that works i get “Connection closed by 10.10.10.160 port 22”

The passphrase might work somewhere else.

Good morning guys, it has happened to you that when you are using redis and you want to get into a directory, you are told that you do not have permits if someone is so kind as to help me out

please stop dumping your keys on the system! if you run a command that pipes input into the r****-***, note that it is coming from your machine, not the remote machine!

Is anyone else having issues with j**n running really slow? This system will be retired by the time it is done…