Postman

A public thank you to @daman1 for pointing me in a good direction.

@Slxyre
There’s a tool to use with John for what you’re trying to do. Try searching for s******n.py. That should help you get what you need to get to the next step for the user flag.

@SaltEngineer So I cracked it but when I try to SSH it says connectiontion closed by [ip] on port 22
Which leads me to believe its the correct passphrase but not working.

Hi all I need a nudge for getting root tried different CVE found the .**k files but cant seem to make it work. Can PM me will really appreciate it.

@Slxyre
There are more things you can do with that than what you’re trying. Think about other common issues that you might see involving the info you just got.

Got user and root!
Hint: if you are struggling to find your way in after c**********8, then make sure you read carefully all available to you websites. I was stuck on this for quite some time.
PM for more hints :slight_smile:

Rooted pm for nudges thanks to @SaltEngineer and @ReservedEhlek for the help. Respect.

Can anyone tell me if the machine has been patched? I managed to get both user and root in a single swoop and am currently helping someone else getting through this box.

My first box done thnx to all that helped in a way or another: @BugZ , @ReservedEhlek , @OddRabbit , @deepc0re , @daman1 If someone needs a small push PM me.

Can they please stop putting these insanely difficult boxes under easy…

Spoiler Removed

just rooted the box without metasploit, using owasp-zap and the manual request editor. sweet one, I learned a lot during the inital foothold…

hints: enumerate, google and don’t just run the exploits, try to understand how they work, what they do. and if you fail, try harder. :slight_smile:

Hello, I’ve managed to ---------- can I get a help here to validate that my action is on the right path? Thanks

EDIT: somehow im in,

Type your comment> @rmn0x01 said:

Hello, I’ve managed to ---------- can I get a help here to validate that my action is on the right path? Thanks

EDIT: somehow im in,

ok im still bamboozled by how i can get in to user, anyone up for a question? Thanks

Could anyone give me a slight push in the correct direction? I have tried two ports, multiple exploits, directory fuzzing, manual exploitation and nothing seems to be taking a hold.
With one port I am getting read-only slave.
With the other there is nothing really to go with. Any help would be appreciated.

when people say “root was easy” or “user was easy” for beginner dont look that way but when they say that means “there alot to learn for beginnesr” but all in all that that cook book is really cooked for beginner

Can someone point me to the right directory to point the ss* key to?

KIndly PM

Type your comment> @Lytes said:

Can someone point me to the right directory to point the ss* key to?

KIndly PM

In which file keys should be placed? Think about how to do it trough vulnerable service r**is

Type your comment> @Nism0 said:

Type your comment> @Lytes said:

Can someone point me to the right directory to point the ss* key to?

KIndly PM

In which file keys should be placed? Think about how to do it trough vulnerable service r**is

Got it. Turned out I had the right directory from start but other users were overwriting my key, I wrote a script to speed up the process.

i found ik and i decrypt it and i got c8.Then I used it to login user M*** but it keeps saying Connection closed by 10.10.10.160 port **.

sorry double post