Postman

pwnd

Please reset this box , looks like a team has modified the permissions

Rooted

initial: enum and see how the unprotected service can be abused (try kali cookbook)
user: permissions are important while creating backups
root: just run the module (dont forget ssl)

PM if you need hints

Hello
I got the intial shell, tring to get user.
i found a file i*_***.**k, and when i tried to connect to ssh i get :
Connection closed by 10.10.10.160 port 22.
is what im doing wrong, or something wrong with the machine(cant reset it)?

Type your comment> @Awby said:

Hello
I got the intial shell, tring to get user.
i found a file i*_***.**k, and when i tried to connect to ssh i get :
Connection closed by 10.10.10.160 port 22.
is what im doing wrong, or something wrong with the machine(cant reset it)?

Everything is OK both with you and with the machine. :slight_smile:

i’m trying this one as my first box… wish me gl!

Hey,
New user here.

I managed to get a shell via S** with r**** and found the i*_***.**k .
However i did not manage to decrypt it… i think i miss the essential knowledge and tool…
I am glad for any nudge.

Spoiler Removed

Type your comment> @ghost5egy said:

READONLY You can’t write against a read only slave.
I got this message when trying to exploit ***

please edit your message…

Type your comment> @blackdev1l said:

Type your comment> @ghost5egy said:

(Quote)
please edit your message…

Why?

Type your comment> @ghost5egy said:

Type your comment> @blackdev1l said:

Type your comment> @ghost5egy said:

(Quote)
please edit your message…

Why?

it’s a spoiler.

I know that you have to exploit r***s, but I can’t get the scripts to work. I’ve pulled up a few automated scripts and they just ask for the ssh password. Can anyone give me a nudge? btw I used scripts from Kali Cookbook.

Can someone PM me, please? I have trouble getting the shell… I know what I have to do, but I’m doing something wrong and don’t know what is it

~~I can not figure this out. Second box ever but I know where I want to go, I’ve found several exploits but they don’t work because the M****** command is missing from r**** and at least 2 articles detailing different manual/semi manual ways to get there but nothing is working. One of the ways I’ve tried is to upload ssh keys to a certain users directory through r**** but when I try to use them to connect it keeps telling me my key is wrong. ~~

Any nudges or help would be appreciated because after a whole day on this I don’t think I’m getting further as it is.

Edit: I am so unbelievably silly. Lesson learned. Take breaks.

Finally did it, rooted! Was missing the obvious, so annoying when that happens. Still, great box, really enjoyed the journey, thanks @TheCyberGeek

Hey,
Which one could give me a clue about the u******* to use for S** when I injected my k** via R***s?

I’ve been blocking for a week now…

EDIT : Ok… now it’s work i don’t know how …

EDIT : ■■■■ me i m so tard …

EDIT : Rooted…

Could anyone reset the machine? It says I’ve reached the limit for today. I owned user and cannot get access anymore now due to someone breaking r***s.

rooted :slight_smile:
I didn’t manage to get the m thing to run for root so I crafted my own h***-r******. Maybe someone wants to share their way via PM? I never use the m thing, because it never works for me. Maybe there is something wrong with my installation?
Cheers!

Rooted! Thank you for all the support!
There’s really plenty of information to solve this challenge in the comments. Probably too much.

What took me so much time was the inconsistency of the “magic value” you’re able to retrieve.
It doesn’t work for the most obvious thing you’d think it works, you need a workaround but that in the end isn’t even necessary.

Then, there’s a service that you could not exploit before but now you can, however the “magic value” wasn’t working for me and I tried it multiple times. So I just left it as is and tried other paths.

In the end I’m happy with the experience, happy with my first hacked box, however I also lost too much time on really trivial things :stuck_out_tongue:

Stuck at last step for user, need a nudge. PM please