Postman

Hi folks. Need for hints on getting shell via r**s. Exploits from github/exploitdb definately don’t work (no MODULE command). Where should I look at? Or r**is is not a way here?

Complete Ownage. I enjoyed the challenge.

The biggest problem to overcome was the sheer amount of people on the box at the same time. This should not matter though, and when I realized what was happening a grinned with excitement at the extra challenge this presents. I suddenly felt like I was in some movie, going up against fellow hackers!

I would say that it does not seem to matter what state the box is in, so no need to keep resetting it. I didn’t find that we were blocking each others access so mush as just treading on each others toes. if you find that you are unable to um ‘write things down’ (hint), then there is a way to gain this ability back without a reset. As always the devil is in the detail and it’s pretty important to know how the service you are attacking works and what it is doing.

If you need help, please do ping me. If I already helped you, please do add some respect to my handle as I am directly powered by praise :stuck_out_tongue_winking_eye:

Finally rooted the postman, a good box and learnt a lot

Hi everyone,

Can anyone help me with the initial shell? What should I be doing with the script? I have installed the server on my local machine and the script seems to work in giving RCE. I will give respect for help.

Type your comment> @jvlavl said:

Who was able to use the r**** un** exec module in msf for the user part?

I have rooted the system

i was able to, i got a meterpretere shell, but it was very limited, i didnt bother trying to escalate from there, as there was an easier way through ssh :slight_smile:

Spoiler Removed

Type your comment> @0rbit4L said:

Type your comment> @jvlavl said:

Who was able to use the r**** un** exec module in msf for the user part?

I have rooted the system

i was able to, i got a meterpretere shell, but it was very limited, i didnt bother trying to escalate from there, as there was an easier way through s** :slight_smile:

bro that’s a spoiler! … or not?

Hi all

I am really struggling with the initial foothold here. I would really appreciate a nudge in the right direction if someone is available to PM me, I will explain all my steps so far I’m not after the answer just a helpful push. I have read everything i can about a certain service (r****) used to gain that foothold, but to no avail.

is anyone having issues with getting the S** key to the right file location in R****? I keep getting a password prompt after i follow the steps.

Finally rooted. This box seems very finicky with multiple people working on it. I was working on the initial foothold exploit (that I was sure would work) for upwards of an hour before I noticed someone reset the box. After the reset, it worked immediately.

If anyone needs any help, feel free to PM.

Finished it at last good experience, thanks @Lambchop for the hints

I can enter commands with r****, but I can’t get keys to work, p*******d prompt but not a p********e, any bump would appreciate.

Rooted!!, two machines on last day of 2019!!

Hi everyone,

Still struggling with getting a shell from the R**** service. Could someone PM me?

Respect will be awarded.

Shame on me…i lost like 3 days not knowing what to do or going into a rabbit hole because i didn’t scan ALL PORTS and was missing the r**** service…

:frowning:

note to myself: always scan ALL PORTS…

I cannot for the life of me find the file needed for gaining user access after gaining the initial foothold. Pretty sure I am blind and its staring me in the face.

Any help would be greatly appreciated, trying to root my first box.

hi all - another n00b question. I am getting "unknown command ‘system.exec’ when running the first exploit. Any help would be v appreciated.
edit: sorted thx

Type your comment> @boffinson said:

hi all - another n00b question. I am getting "unknown command ‘system.exec’ when running the first exploit. Any help would be v appreciated.

Run wireshark and analyze messages from the traffic.

fun box! there were definitely some red herrings. I also got root before user.

Based on what I am reading here…looks like there might be different paths to get to the loot. I felt kind of hamstrung during enumeration, so I’d definitely would be interested in knowing what some of you have done.

if you need help, feel free to ping me

user:
there is a lot of material on the internet (and hints on this forum) about what to do. There is a service that simply lets you waltz in. Through trial and error I found out where I could and could not write to. The local enumerate once you have a foothold.

root:
business as usual once I picked up versions of what’s running within as root and looked up exploits for it. i used some tool that I dont normally like using but it got the job done. I will actually retry this with something else as I feel there are other paths to root.

First box finished!

Found it pretty tough as almost everything I did was filled with hours of dead ends and trying to use unneeded tools. It took me a few days of work, but I learned so much just from this one box. Very excited to keep chasing roots.

Everything you need is on the forums/reddit/internet. Try harder!