Postman

1151618202138

Comments

  • Type your comment> @rholas said:

    r***s and w****n

    10*** /pawod_chne.c*i intresting backdoor

    I got this and tried the recent 0day. while checking it through shell script it show "vulnerable". Checked the video on youtube to get actual RCE. not didn't work. should check the other service i.e. r***s

  • Type your comment> @rholas said:

    r***s and w****n

    10*** /pawod_chne.c*i intresting backdoor

    I got this and tried the recent 0day. while checking it through shell script it show "vulnerable". Checked the video on youtube to get actual RCE. not didn't work. should check the other service i.e. r***s

  • Finally rooted this bugger. Great learning for me. Hints:

    Initial Foothold:
    Futzed with an exploit forever. The master/slave errors tend to be a thing with r***s, apparently. And did finally get the script modified to reflect the environment properly.

    User:
    I needed to do basic enumeration, but didn't, so wasted a lot of time here. Also, doing the j**n things with the found thing was new to me.

    Root:
    M******** with things learned from user.

    c0nsid3rate

  • edited December 2019

    Fun box thanks for the R***s lesson

  • [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

    but me i went directly root

    My third box

    Advice :
    Step 1 scan deeper than usual with nmap
    Step 2 Read, learn about a new service and is vulnerability (most educational part)
    Step 3 enumerate when you get the initial shell until you find something interesting that you'll need to examine
    Step 4 add what you know with what you found somewhere (magic)

    step 5 cve exploit

    Good luck !

    there is plenty of hint on the forum i did it without asking to somebody in DM and i have only 3 box so just read re read the forum and take your time

    if you need help dm me and if i help you can bless me with a little respect+ on my profile ^^

    rootmotus

  • Any DM's on this would be a great help for foothold. Used R*****-**I and followed well published documents online regarding keys. Also found an exploit that gives me access with a shell prompt, however, no basic commands return anything. Do I have to go back to the c**? This defults to the tmp dir after bouncing the box.

    Any nudges would be appreciated
  • I arrived late to this...

    I managed to get the unprivileged shell with r****-**i. I eventually got disconnected. Now I cannot get again that shell using the same technique. Has anything changed on r****?

  • Having r****-i come back with an error of sy****.ec unknown.... I know I am going in the right direction, but commands not recognized. DM help please.

  • Type your comment> @MactheDice said:

    Having r****-i come back with an error of sy****.ec unknown.... I know I am going in the right direction, but commands not recognized. DM help please.

    Enable verbosity on r****-**i and you'll realize that might not be the right path.

  • edited December 2019

    i found i********k and i decrypt it and i got c********8.Then I used it to login user @M*** but it say Connection closed by 10.10.10.160 port 22

  • Rooted the box, great box learned a lot thanks @NFire0111111 for the hint

  • I'm just wondering if someone could DM me. I don't want any answers but I'm a NOOB and could really use someone to just get me off the ground. I understand if I'm out of line asking

  • edited December 2019

    Nice box! Getting the initial shell was a challenge but I believe that was due to the unfamiliarity with R****. After researching and playing around with R****, I found the directory to inject a certain file in order to get in. If you are unsure of what I am referring to, there is a cookbook you can read that will talk about this.

    After getting in, I noticed juicy loot and ran my pal J*** against it, but came up short when I attempted to connect as our friend M***. I read the config file for the service and found out why. Darn!

    Since my pal did his job well, I now have access to a certain interface that's running on a high port. Maybe that will work?

    If you are successful - you will notice our friend only has access to a very limited selection of tools. However, one of them is exploitable. That might be why this box was rated very CVE heavy? Have a look around and see if you can find a certain repo on GitHub? Maybe one that is for OSCPs since a certain framework is banned?

    [email protected]:/# whoami && id && ifconfig ens33
    root
    uid=0(root) gid=0(root) groups=0(root)
    inet 10.10.10.160  netmask 255.255.255.0  broadcast 10.10.10.255
    

    I am always open to helping; however, please ensure you explain what you have tried first before asking for hints!
    Also, reps go a long way!

  • i finally got root. this was my first hack. still feel like a total noob, but pretty stoked. still curious to know why the one manual exploit i was using that i found via g* worked initially, but then the next day and beyond i wasnt able to connect with it anymore.

  • I'm a beginner here and having problems with timeouts, the box seems to be down more than it is up. From the scanned ports, not found any way to use the lowest, found the interface on the highest and have had some success with the service on the second highest port found, but not got a user or root shell yet. Timeouts are killing my progress, not sure if things I am trying are not working or just timing out. I am reluctant as a noob to reset the box or try anything that will change it for those coming after me.

    Does becoming a vip improve the situation with timeouts? I'm considering it anyway for the walk throughs.

  • Inital foothold: Enumerate everything, get banners, google
    User: read the configuration file of the service and understand it
    Root: GTFObins

    Arrexel

  • Type your comment> @wo1f said:

    Inital foothold: Enumerate everything, get banners, google
    User: read the configuration file of the service and understand it
    Root: GTFObins

    I think you missed the forum topic. This is Postman. :)

    bumika

  • edited December 2019

    Rooted.
    Really fun and relaxing box. Initial foodhold is the hardest part. User -> Root is really easy.

    Foothold: Enumerate. You'll find something exploitable, but no exploits in the wild work. So read them, understand then. Try to exploit manually. Study exactly the service you're exploiting. When you put 2 and 2 together, you'll get it.

    User: Basic enumeration and a well known script.
    Root: Basic enumeration at step 1

  • edited December 2019

    Spoiler Removed

  • Type your comment> @fearlessmcp said:

    i found i********k and i decrypt it and i got c********8.Then I used it to login user @M*** but it say Connection closed by 10.10.10.160 port 22

    Can Any One Help Me?

  • Type your comment> @fearlessmcp said:

    Type your comment> @fearlessmcp said:

    i found i********k and i decrypt it and i got c********8.Then I used it to login user @M*** but it say Connection closed by 10.10.10.160 port 22

    Can Any One Help Me?

    Just PM me.

    bumika

  • edited December 2019

    Initial Foothole was really hard for me, never worked with r***s, but learned a lot.
    After that initial foothole to root in 30min.
    Used the metasploit way, maybe someone can let me know how to do it without it.

    Overall fun box.
    Thanks @TheCyberGeek for this box.

    If anybody needs some hints, feel free to dm me.

  • R***s is restarting the whole time, error?

  • edited December 2019

    @t3ngu said:

    Type your comment> @6d6a6c said:

    Does becoming a vip improve the situation with timeouts? I'm considering it anyway for the walk throughs.

    Yes. unironically got VIP for this box, made the same experience as you. I had the Box for me and no sciddis were hammering it with automated scanners, it was beautiful.

    Foothold: Enumerating, using a client, dropping a key.
    User: Enumerating and cracking a backup.

    Thanks! Have upgraded myself to VIP and it is beautiful! I can actually do stuff and the box looks pristine so far. Thanks for the tips as well.

  • i think im doing something wrong.. i got already r**** but im messing with the m********t. can someone pm me?

  • Is there anyone that can dm and give me some advice... I have an idea of how to get initial shell but I am executing it poorly.

    H4ck3d5p4c3

  • Looking for a way forward, i feel the answer is staring me in the face.

    Gained an initial low priv shell through well known R**** vuln and found i*****.bak, retrieved the pw.

    Tried SSH with M*** and pw, no joy.
    Logged in to web int with un and pw and tried various exploits with M********t against W*****, getting errors

    any nudges would be appreciated.

    Muchas Gracias
  • edited December 2019

    Hey guys,

    Brand new and this is my first box. I've managed to get user.txt and I'm fairly certain I need to exploit w*** by using p_c.c** although I'm having issues getting a reverse shell for root.

    Any help/DM would be appreciated please and thank you!

  • Hello!
    This is the first box I'd love a nudge. I got a working shell using the r****, managed to find the M*** user and his i*****.bak but I have no idea how to use it.

    Any help would be appreciated!

Sign In to comment.