Postman

1212224262738

Comments

  • edited December 2019

    is anyone having issues with getting the S** key to the right file location in R****? I keep getting a password prompt after i follow the steps.

  • Finally rooted. This box seems very finicky with multiple people working on it. I was working on the initial foothold exploit (that I was sure would work) for upwards of an hour before I noticed someone reset the box. After the reset, it worked immediately.

    If anyone needs any help, feel free to PM.

    Hack The Box

  • Finished it at last good experience, thanks @Lambchop for the hints

  • I can enter commands with r****, but I can't get keys to work, p*******d prompt but not a p********e, any bump would appreciate.

  • Rooted!!, two machines on last day of 2019!!

    MarsG

  • Hi everyone,

    Still struggling with getting a shell from the R**** service. Could someone PM me?

    Respect will be awarded.

  • Shame on me...i lost like 3 days not knowing what to do or going into a rabbit hole because i didn't scan ALL PORTS and was missing the r**** service....

    :-(

    note to myself: always scan ALL PORTS....

  • I cannot for the life of me find the file needed for gaining user access after gaining the initial foothold. Pretty sure I am blind and its staring me in the face.

    Any help would be greatly appreciated, trying to root my first box.

  • edited January 4

    hi all - another n00b question. I am getting "unknown command 'system.exec' when running the first exploit. Any help would be v appreciated.
    edit: sorted thx

  • Type your comment> @boffinson said:

    hi all - another n00b question. I am getting "unknown command 'system.exec' when running the first exploit. Any help would be v appreciated.

    Run wireshark and analyze messages from the traffic.

    bumika

  • fun box! there were definitely some red herrings. I also got root before user.

    Based on what I am reading here...looks like there might be different paths to get to the loot. I felt kind of hamstrung during enumeration, so I'd definitely would be interested in knowing what some of you have done.

    if you need help, feel free to ping me

    user:
    there is a lot of material on the internet (and hints on this forum) about what to do. There is a service that simply lets you waltz in. Through trial and error I found out where I could and could not write to. The local enumerate once you have a foothold.

    root:
    business as usual once I picked up versions of what's running within as root and looked up exploits for it. i used some tool that I dont normally like using but it got the job done. I will actually retry this with something else as I feel there are other paths to root.

  • First box finished!

    Found it pretty tough as almost everything I did was filled with hours of dead ends and trying to use unneeded tools. It took me a few days of work, but I learned so much just from this one box. Very excited to keep chasing roots.

    Everything you need is on the forums/reddit/internet. Try harder!

  • edited January 2

    I can't work on this box because it keeps becoming unreachable every 20 seconds.

    So annoying... Can someone have a look at the machine? I'm on the edge-us-vip-14.hackthebox.eu VPN.

    Besides, I have reached the initial foothold. PM me if you need any help with that stage.

  • Rooted the easy way. If anyone completed the privesc manually I would like to know you did it.

    k1llswitch
    "The master has failed more times then the beginner has even tried"

  • Type your comment> @Nexe said:

    Hey guys, just got user access, trying to use a m**** module on w***n but i'm getting a "cookie error" and "no session was created". Am i on the right way ? I don't mind some hints :s nvm, got it working. hint for this error: don't forget ssl like i did..

    ROOTED !

    pm me for hints/nudges

    Thanks, @Nexe :) That "don't forget ssl" really helped me big time, got it right away.

  • edited January 2

    Ok, this box is driving me crazy :P

    I managed to get a foothold using the "An Ethical Hacker's Cookbook" good read :)
    Then I try it again and I get permission denied when attempting to SSH.

    That aside (for now) when I was inside there, I managed to see an interesting file "*.bak"

    Tried to crack it using john and the usual file but no go... am I on the right track here?
    A nudge would be good :)

    Cheers!

    Ok, updated, got my foothold back, typos in my commands :P (head smack)

    Still need the nudge for the *.bak file...

    Always happy to help others and remember to +respect me if I helped you ; )

  • Rooted.
    Thanks @rholas and @sckull for your help :)

  • Type your comment> @lhh4sa said:

    is anyone having issues with getting the S** key to the right file location in R****? I keep getting a password prompt after i follow the steps.

    i think someone is also using the same exploit as you are! or maybe someone just alter the rds as a read only!

  • edited January 2

    @lhh4sa said:
    I cannot for the life of me find the file needed for gaining user access after gaining the initial foothold. Pretty sure I am blind and its staring me in the face.

    Any help would be greatly appreciated, trying to root my first box.

    just enumerate it bro real hard maybe you just missed it

  • @acidbat said:
    Ok, this box is driving me crazy :P

    I managed to get a foothold using the "An Ethical Hacker's Cookbook" good read :)
    Then I try it again and I get permission denied when attempting to SSH.

    That aside (for now) when I was inside there, I managed to see an interesting file "*.bak"

    Tried to crack it using john and the usual file but no go... am I on the right track here?
    A nudge would be good :)

    Cheers!

    Ok, updated, got my foothold back, typos in my commands :P (head smack)

    Still need the nudge for the *.bak file...

    bro when using john and cracking that file what's the first thing you must do? before you can crack it?

  • edited January 2

    Type your comment> @6062055 said:

    Type your comment> @Nexe said:

    Hey guys, just got user access, trying to use a m**** module on w***n but i'm getting a "cookie error" and "no session was created". Am i on the right way ? I don't mind some hints :s nvm, got it working. hint for this error: don't forget ssl like i did..

    ROOTED !

    pm me for hints/nudges

    Thanks, @Nexe :) That "don't forget ssl" really helped me big time, got it right away.

    Hey! Thanks for the hint. But I haven't been forgetting the SSL, got the creds required for the exploit (M***, c***********), figured out that we have the p**k*** u**** privs for our user M*** but the exploit ends with Exploit completed but no session was created.

    Any pointers on where I might be going wrong?

    EDIT: Got user. For root -> Still the same problem. Any pointers on what could be going wrong? I am using the w*****p********* exploit. SSL set to true. Not working man. Really frustrated at this point.

  • Got root before user. This machine is pretty difficult and frustrating for an easy one. Nothing worked out of the box and I had to carefully prepare each exploit and then find out why it doesn't work as it should.

    elearning

  • Initial foothold was a great learning experience for me, user taught me an important lesson as well. Really enjoyed the box!

  • edited January 3

    Tried running rockyou.txt on the pri**** S** e but no luck so far after 25 minutes. My fans are going like it's the end of its life.

    Is there an easier way to do this than buying a Geforce GTX 20 series card? Hahah!

    Edit: I'm so silly; I didn't even see the password that came up. I am got the second user now. :))

  • edited January 3

    Hi, i've just finished this machine, thanks @OddRabbit and @misthi0s for the help at the foothold, if anyone need a nudge to get user or root just PM me :)

  • Type your comment> @wewppp said:

    @acidbat said:
    Ok, this box is driving me crazy :P

    I managed to get a foothold using the "An Ethical Hacker's Cookbook" good read :)
    Then I try it again and I get permission denied when attempting to SSH.

    That aside (for now) when I was inside there, I managed to see an interesting file "*.bak"

    Tried to crack it using john and the usual file but no go... am I on the right track here?
    A nudge would be good :)

    Cheers!

    Ok, updated, got my foothold back, typos in my commands :P (head smack)

    Still need the nudge for the *.bak file...

    bro when using john and cracking that file what's the first thing you must do? before you can crack it?

    Yup, got it now :)
    User flag done, on to root

    Always happy to help others and remember to +respect me if I helped you ; )

  • alright rooted

    Thank you very much @TheCyberGeek - it was a good learning curve for me :)
    Also a thank you to @rholas and @J0hnD03 for the nudges :)

    Foothold: Plenty on the forum but read the 'An Ethical Hacker's Cookbook.pdf' and pay attention to the images + text (they are not always the same...)
    User: Good juicy backup file you can have a look at and ask SS*John to help you out followed by his friend John, together they can rock you with a solution.
    Root: As everyone keeps saying: CVE, I bummed out a little there on the listening address

    Always happy to help others and remember to +respect me if I helped you ; )

  • edited January 3

    How many time John needs to finish his job? I started it 3 hours ago and he is still working...

    I did a stupid mistake...

  • Rooted!

    Make sure to thoroughly nmap/scan/info gather at first to find a foothold. You should see more than just 2 low number ports open. Google around, this was my first time working with the protocol and it was quite involved.

    Once you have your foothold, identify users on the machine and dig for any files they own in the file tree. The file will give you information to escalate to user. Don't get thrown off that file itself may not be used other than to recover creds.

    Root was rather easy. I love metasploit.

    Good luck, PM or Valor in Discord if you need anything.

  • Type your comment> @c4ph00k said:

    How many time John needs to finish his job? I started it 3 hours ago and he is still working...

    I did a stupid mistake...

    bro just use the most common wordlist that you can find like rkyo*.txt

Sign In to comment.