Postman

Rooted

Yeah I’m still stuck at the r****-*** to get a user shell. Any nudges appreciated!

Edited:
nvm, got it…

Can’t connect via ssh with credentials

Enter passphrase for key ‘id_rsa.bak’:
Connection closed by 10.10.10.160 port 22

Stuck at the initial shell. As of now I have:

  • Read and re-re-read the forum posts
  • Read r*** configurations and documentation
  • Insert my id to a certain location with r***-***
  • Use a ready made exploit with m***
  • Use a script from G***.

I know (think) that I should modify a script a bit or get in manually, but something is missing. Any nudges for the initial shell are most welcome!

Edit: Moving forwards, thanks to @p1kabyte +1

More Holes Than Cheese I thought…think simple with root

Please stop rebooting the freaking box! So annoying!

i dont know if that was me or not but i tried rebooting it and never saw it go down? do you know if/why the r----- shell exploit stopped working (maybe just for me?)

got the shell but not able to get privilege it , any help

Need help getting the shell. Any help would be appreciated.

Finally, got a root privilege. Straightforward box.
Everybody knows enumeration is key, but I have missed and stuck in rabbit hole.
I generally use ‘nmap -sC -sV’ options, but do we always have to use nmap deep scan at the first stage? Once we investigated few vulnerabilities against unusual services, then following processes were similar to Traverxec. If anyone still in the cloud,message me. :slight_smile:

Just got root before I got user.Pretty weird but an awesome experience…
Only learnt a lot on the initial foothold really,root was just a very well documented CVE.

Feel free to pm for nudges.

Got root, finally…

Initial shell: was much fun and I learned to use r**** allot better.

User:
Got stuck on simple enumeration, just keep it simple after initial shell and look where you normally also look.

Root:
Well… Not much to say. Root is a giveaway on this box.

If you need a nudge, PM me.

Rooted ! Nice box :slight_smile:
thanks for hints @N0tAC0p

Initial shell…
Well enumerate hard…!
User shell…
Check juice file
Root shell…
check what you have enumerated at the beginning…!

Hey all,
A nudge pls. I can see and connect to r****. cant upload due to read-only

Type your comment> @EphemeralCodex said:

Hey all,
A nudge pls. I can see and connect to r****. cant upload due to read-only

There is a command that can set the writable mode again.

anyon DM for me…
i found liseten port 1**** on 10.10.10.160. this page Wm.
this page currently not work.
if it is work well. how i can get a account?
i use m
***e tool. but it is not figure.

Type your comment> @rholas said:

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

I got this and tried the recent 0day. while checking it through shell script it show “vulnerable”. Checked the video on youtube to get actual RCE. not didn’t work. should check the other service i.e. r***s

Type your comment> @rholas said:

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

I got this and tried the recent 0day. while checking it through shell script it show “vulnerable”. Checked the video on youtube to get actual RCE. not didn’t work. should check the other service i.e. r***s

Finally rooted this ■■■■■■. Great learning for me. Hints:

Initial Foothold:
Futzed with an exploit forever. The master/slave errors tend to be a thing with r***s, apparently. And did finally get the script modified to reflect the environment properly.

User:
I needed to do basic enumeration, but didn’t, so wasted a lot of time here. Also, doing the j**n things with the found thing was new to me.

Root:
M******** with things learned from user.

Fun box thanks for the R***s lesson