Postman

alright rooted

Thank you very much @TheCyberGeek - it was a good learning curve for me :slight_smile:
Also a thank you to @rholas and @J0hnD03 for the nudges :slight_smile:

Foothold: Plenty on the forum but read the ‘An Ethical Hacker’s Cookbook.pdf’ and pay attention to the images + text (they are not always the same…)
User: Good juicy backup file you can have a look at and ask SS*John to help you out followed by his friend John, together they can rock you with a solution.
Root: As everyone keeps saying: CVE, I bummed out a little there on the listening address

How many time John needs to finish his job? I started it 3 hours ago and he is still working…

I did a stupid mistake…

Rooted!

Make sure to thoroughly nmap/scan/info gather at first to find a foothold. You should see more than just 2 low number ports open. Google around, this was my first time working with the protocol and it was quite involved.

Once you have your foothold, identify users on the machine and dig for any files they own in the file tree. The file will give you information to escalate to user. Don’t get thrown off that file itself may not be used other than to recover creds.

Root was rather easy. I love metasploit.

Good luck, PM or Valor in Discord if you need anything.

Type your comment> @c4ph00k said:

How many time John needs to finish his job? I started it 3 hours ago and he is still working…

I did a stupid mistake…
bro just use the most common wordlist that you can find like rkyo*.txt

Type your comment> @wewppp said:

Type your comment> @c4ph00k said:

How many time John needs to finish his job? I started it 3 hours ago and he is still working…

I did a stupid mistake…
bro just use the most common wordlist that you can find like rkyo*.txt

i did a mistake with other file and not the correct one, I solved and john works correct with rkyo*.txt. i got the user flag, now i’m working for the root.
Thanks.

edited - rooted, a bit dislike about the root, I used msf. did somebody use a different approach? If yes, can you kindly PM me?

I quite liked this puzzle, I think it was perfect for me as a first box. Although I must say that the ik file and fact that it was possible to s into the r**** user felt a bit artificial to me. At least On Ubuntu, by default I get nologin for the user r**** and I can’t see why would anyone change that.

Just rooted this machine. Such a good box. Both user and root was interesting. If you get stuck, don’t focus on just one port in exploiting throughout the stages.

If you complete root then you know how some people would have gotten root before user.

Thanks to @s1lv3rst4r @wewppp and @deepc0re.

PM me if you need any help.

Thanks.

Edit: Has anyone found a non-m********* exploit for root on the internet? It would be good in case this comes up in the OSCP. Otherwise, I think I’ll just write my own based off the currently available one.

I think I had root. I was in a shell and asked who am I and the response was root.

I was able to display /etc/shad ow but then l lost my VPN connection. Then my VM crashed and I had to rebuild it. I tried the same steps I had before and did get access to root.

Maybe somehow I was given a gift by someone else.

So now I’ve found an additional user and interesting file but I can’t figure out what to do with them.

Is is possible to copy the files?

The is metaexploit I’ve tried but either it is the wrong one or I have it configured wrong.

It is frustrating because everything seems to be a rabbit hole. My getting a foothold is an example the procedure I used I had several examples but they all left out a keypoint until a user here gave me a nudge.

Any additional nudges would be appreciated.

Hi all this is my first box and I need a nudge please. Tried w***** exploit, tried r**** different approaches still cant figure it out. Now doing S** but get denied all the time. Please someone help me THNX

Finally rooted.

This box took me approx 8 hours in total but that was more down to me not thoroughly taking the time to do the research and really understand whats going on.

Tips

User: When you find the guide on how to manually exploit the thing you can pretty much follow it step for step just be aware that things may not be in the exact location as indicated in the guide.

Once in look around to find something useful to allow you to pivot to another user

Next If something isn’t working even though it “should” investigate why not… Check config files.

Root: Remember back to initial enumeration. Try again with what you have now.

Hopefully that’ll be of some help or assurance that your on the right path.

I got user and root. ISeveral people helped but especially @c4ph00k k.

This was my first machine and I learned so much just in process. Everything was a challenge and I had to go research it. Then in the middle of it the VM I was using crashed. My other VMs kept working but the one with my notes dead.

I still don’t know what some of the cryptic notes mean that were left here in posts.

One of my biggest frustrations was following the correct script but having it being wrong by the author.

If you need help PM me I certainly need to pay it forward.

thanks

Got user and root for my first box! A lot of the hints were helpful here. It does seem that others used different methods, some which did not work for me. I liked having to use multiple approaches to achieve everything.

Are you guys running john on the .bak file because I need help with that

Rooted, the most difficult part if you don’t use a py script is the other users who are continuously flushing. Also for the root exploit spend an hour wondering why it didn’t work before realizing I had to use tun0’s IP as LHOST…

A public thank you to @daman1 for pointing me in a good direction.

@Slxyre
There’s a tool to use with John for what you’re trying to do. Try searching for s******n.py. That should help you get what you need to get to the next step for the user flag.

@SaltEngineer So I cracked it but when I try to SSH it says connectiontion closed by [ip] on port 22
Which leads me to believe its the correct passphrase but not working.

Hi all I need a nudge for getting root tried different CVE found the .**k files but cant seem to make it work. Can PM me will really appreciate it.

@Slxyre
There are more things you can do with that than what you’re trying. Think about other common issues that you might see involving the info you just got.

Got user and root!
Hint: if you are struggling to find your way in after c**********8, then make sure you read carefully all available to you websites. I was stuck on this for quite some time.
PM for more hints :slight_smile: