Postman

I got user and root. Several people helped but especially @c4ph00k k.

This was my first machine and I learned so much just in the process. Everything was a challenge and I had to go research it. Then in the middle of it the VM I was using crashed. My other VMs kept working but the one with my notes died.

I still don’t know what some of the cryptic notes mean that were left here in posts.

One of my biggest frustrations was following the correct script but having it being wrong by the author.

If you need help, PM me; I certainly need to pay it forward.

thanks

Got user and root for my first box! A lot of the hints were helpful here. It does seem that others used different methods, some of which did not work for me. I liked having to use multiple approaches to achieve everything.

Are you guys running john on the .bak file? Because I need help with that.

Rooted, the most difficult part if you don’t use a py script is the other users who are continuously flushing. Also for the root exploit I spent an hour wondering why it didn’t work before realizing I had to use tun0’s IP as LHOST…

A public thank you to @daman1 for pointing me in a good direction.

@Slxyre
There’s a tool to use with John for what you’re trying to do. Try searching for s******n.py. That should help you get what you need to get to the next step for the user flag.

@SaltEngineer So I cracked it but when I try to SSH it says connection closed by [ip] on port 22
Which leads me to believe it's the correct passphrase but not working.

Hi all, I need a nudge for getting root. Tried different CVEs, found the .**k files but can't seem to make it work. Can you PM me? I will really appreciate it.

@Slxyre
There are more things you can do with that than what you’re trying. Think about other common issues that you might see involving the info you just got.

Got user and root!
Hint: if you are struggling to find your way in after c**********8, then make sure you carefully read all the websites available to you. I was stuck on this for quite some time.
PM for more hints :slight_smile:

Rooted, PM for nudges. Thanks to @SaltEngineer and @ReservedEhlek for the help. Respect.

Can anyone tell me if the machine has been patched? I managed to get both user and root in a single swoop and am currently helping someone else get through this box.

My first box done, thnx to all that helped in one way or another: @BugZ, @ReservedEhlek, @OddRabbit, @deepc0re, @daman1. If someone needs a small push, PM me.

Can they please stop putting these insanely difficult boxes under easy…

Spoiler Removed

just rooted the box without metasploit, using owasp-zap and the manual request editor. sweet one, I learned a lot during the initial foothold…

hints: enumerate, google and don’t just run the exploits, try to understand how they work, what they do. and if you fail, try harder. :slight_smile:

Hello, I’ve managed to ---------- can I get some help here to validate that my action is on the right path? Thanks

EDIT: somehow I'm in,

@rmn0x01 said:

> Hello, I’ve managed to ---------- can I get some help here to validate that my action is on the right path? Thanks
>
> EDIT: somehow I'm in,

OK, I'm still bamboozled by how I can get in to user, anyone up for a question? Thanks

Could anyone give me a slight push in the correct direction? I have tried two ports, multiple exploits, directory fuzzing, manual exploitation and nothing seems to be taking a hold.
With one port I am getting read-only slave.
With the other there is nothing really to go with. Any help would be appreciated.

When people say “root was easy” or “user was easy”, for a beginner don't look at it that way; when they say that, it means “there's a lot to learn for beginners”, but all in all that cook book is really cooked for beginners.