Postman

Got root, finally…

Initial shell: was much fun and I learned to use r**** allot better.

User:
Got stuck on simple enumeration, just keep it simple after initial shell and look where you normally also look.

Root:
Well… Not much to say. Root is a giveaway on this box.

If you need a nudge, PM me.

Rooted ! Nice box :slight_smile:
thanks for hints @N0tAC0p

Initial shell…
Well enumerate hard…!
User shell…
Check juice file
Root shell…
check what you have enumerated at the beginning…!

Hey all,
A nudge pls. I can see and connect to r****. cant upload due to read-only

Type your comment> @EphemeralCodex said:

Hey all,
A nudge pls. I can see and connect to r****. cant upload due to read-only

There is a command that can set the writable mode again.

anyon DM for me…
i found liseten port 1**** on 10.10.10.160. this page Wm.
this page currently not work.
if it is work well. how i can get a account?
i use m
***e tool. but it is not figure.

Type your comment> @rholas said:

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

I got this and tried the recent 0day. while checking it through shell script it show “vulnerable”. Checked the video on youtube to get actual RCE. not didn’t work. should check the other service i.e. r***s

Type your comment> @rholas said:

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

I got this and tried the recent 0day. while checking it through shell script it show “vulnerable”. Checked the video on youtube to get actual RCE. not didn’t work. should check the other service i.e. r***s

Finally rooted this ■■■■■■. Great learning for me. Hints:

Initial Foothold:
Futzed with an exploit forever. The master/slave errors tend to be a thing with r***s, apparently. And did finally get the script modified to reflect the environment properly.

User:
I needed to do basic enumeration, but didn’t, so wasted a lot of time here. Also, doing the j**n things with the found thing was new to me.

Root:
M******** with things learned from user.

Fun box thanks for the R***s lesson

root@Postman:~# id
uid=0(root) gid=0(root) groups=0(root)

but me i went directly root

My third box

Advice :
Step 1 scan deeper than usual with nmap
Step 2 Read, learn about a new service and is vulnerability (most educational part)
Step 3 enumerate when you get the initial shell until you find something interesting that you’ll need to examine
Step 4 add what you know with what you found somewhere (magic)

step 5 cve exploit

Good luck !

there is plenty of hint on the forum i did it without asking to somebody in DM and i have only 3 box so just read re read the forum and take your time

if you need help dm me and if i help you can bless me with a little respect+ on my profile ^^

Any DM’s on this would be a great help for foothold. Used R*****-I and followed well published documents online regarding keys. Also found an exploit that gives me access with a shell prompt, however, no basic commands return anything. Do I have to go back to the c? This defults to the tmp dir after bouncing the box.

Any nudges would be appreciated

I arrived late to this…

I managed to get the unprivileged shell with r****-i. I eventually got disconnected. Now I cannot get again that shell using the same technique. Has anything changed on r**?

Having r****-i come back with an error of sy**.e**c unknown… I know I am going in the right direction, but commands not recognized. DM help please.

Type your comment> @MactheDice said:

Having r****-i come back with an error of sy**.e**c unknown… I know I am going in the right direction, but commands not recognized. DM help please.

Enable verbosity on r****-**i and you’ll realize that might not be the right path.

i found ik and i decrypt it and i got c8.Then I used it to login user @M*** but it say Connection closed by 10.10.10.160 port 22

Rooted :slight_smile:

Rooted the box, great box learned a lot thanks @NFire0111111 for the hint

I’m just wondering if someone could DM me. I don’t want any answers but I’m a NOOB and could really use someone to just get me off the ground. I understand if I’m out of line asking

Nice box! Getting the initial shell was a challenge but I believe that was due to the unfamiliarity with R****. After researching and playing around with R****, I found the directory to inject a certain file in order to get in. If you are unsure of what I am referring to, there is a cookbook you can read that will talk about this.

After getting in, I noticed juicy loot and ran my pal J*** against it, but came up short when I attempted to connect as our friend M***. I read the config file for the service and found out why. Darn!

Since my pal did his job well, I now have access to a certain interface that’s running on a high port. Maybe that will work?

If you are successful - you will notice our friend only has access to a very limited selection of tools. However, one of them is exploitable. That might be why this box was rated very CVE heavy? Have a look around and see if you can find a certain repo on GitHub? Maybe one that is for OSCPs since a certain framework is banned?

root@Postman:/# whoami && id && ifconfig ens33
root
uid=0(root) gid=0(root) groups=0(root)
inet 10.10.10.160  netmask 255.255.255.0  broadcast 10.10.10.255

i finally got root. this was my first hack. still feel like a total noob, but pretty stoked. still curious to know why the one manual exploit i was using that i found via g* worked initially, but then the next day and beyond i wasnt able to connect with it anymore.