Postman


Comments

  • edited January 8

    Can someone please help me understand which user to place the ssh key into? I have tried creating my own user to no avail. I have tried with users I expect may be on the box, again to no avail.

    Please someone help me out.

    EDIT: woohoo! Figured it out.

    Don't forget to +respect if I have helped you out at all.

    Happy Hacking!

    https://www.hackthebox.eu/home/users/profile/135164

  • @Lytes said:

    @Nism0 said:

    @Lytes said:

    Can someone point me to the right directory to point the ss* key to?

    Kindly PM

    In which file should keys be placed? Think about how to do it through vulnerable service r**is

    Got it. Turned out I had the right directory from the start, but other users were overwriting my key. I wrote a script to speed up the process.

    I found i********k and I decrypted it and I got c********8. Then I used it to log in as user M*** but it keeps saying Connection closed by 10.10.10.160 port **.

    I just logged in with success. Are u sure you're trying the right port? :>

    Nism0

  • edited January 8

    @Nism0 said:

    @Lytes said:

    @Nism0 said:

    @Lytes said:

    Can someone point me to the right directory to point the ss* key to?

    Kindly PM

    In which file should keys be placed? Think about how to do it through vulnerable service r**is

    Got it. Turned out I had the right directory from the start, but other users were overwriting my key. I wrote a script to speed up the process.

    I found i********k and I decrypted it and I got c********8. Then I used it to log in as user M*** but it keeps saying Connection closed by 10.10.10.160 port **.

    I just logged in with success. Are u sure you're trying the right port? :>

    I couldn't ss* into M***, I however found a way to get in. How to get root... Someone should kindly PM me a hint for root. Every clue I see seems to point at metaspl*** which I'm not familiar with (intentionally, as I plan on getting OSCP soon)

  • Got root. Pretty strange, because of a vuln which gave me the user and root flag! Feel free to PM if needed

  • @Lytes said:
    > @Nism0 said:
    >
    > (Quote)
    > I couldn't ss* into M***, I however found a way to get in. How to get root... Someone should kindly PM me a hint for root. Every clue I see seems to point at metaspl*** which I'm not familiar with (intentionally, as I plan on getting OSCP soon)

    If so many ways bring you to metasploit, maybe it is time to learn it :)

    Nism0

  • Playing seemingly by myself on the server I was on, so pretty sure I can say I busted the box in the way that is annoying everyone without actually causing anyone any inconvenience. Seems to be caused by people flushing the server a few too many times. (Yeah, that flush.) Annoying box if only because of things not working properly.

  • I am trying to get an initial foothold using a certain redis.py, which interacts with redis & ssh.

    Can anyone tell me if this is a rabbit hole, and if not, please PM :)

  • Rooted!
    This box was a pain in the *** for me, because I kept trying the right things with such little mistakes, and I almost lost my mind. I didn't really like it, but congrats to those who created it.
    Big thanks to my fellow pro hackers @AzAxIaL and @secucyber for helping me out when I most needed it.
    PM me if you need help. (my way was to root first and then get the user)

    Always ready to help... Pls consider giving respect on my profile if I help you.
    Most important, have fun and JUST ROOT IT !!!
    https://www.hackthebox.eu/home/users/profile/186611
    SamTheSapien

  • Just rooted the box. Can someone provide some guidance on how to do it without the easy tool if there is a way?

  • @ecilam said:

    Just rooted the box. Can someone provide some guidance on how to do it without the easy tool if there is a way?

    It depends what you mean by "easy tool". If you mean msf - well, you could fire the exploit manually. But to get the user, there's no need for fancy tools. I did it manually.

    Nism0

  • Rooted! Thanks for the hints. Initial foothold was hard, but user and root were easy.

  • edited January 10
    root@Postman:~# id;hostname
    uid=0(root) gid=0(root) groups=0(root)
    Postman
    

    For users who don't know the initial foothold service, it might be hard, but it was the interesting part of this box. You will learn a lot.

    Later, I think PC was a little bit puzzled.

    Root is easy, but waste a loooot of time to realize all the info to get the root

    Kirzaks

  • Can anyone message me a nudge?

    Used nmap, nikto, dirbuster, and metasploit at this point. Can't figure out how to get the password for root.

  • Hi, I have accessed the server with the r**** user. I see that the user doesn't have permission to read the flags. Am I OK or do I need to access with another user? You can write me a DM.

  • @aaaguirrep said:
    > Hi, I have accessed the server with the r**** user. I see that the user doesn't have permission to read the flags. Am I OK or do I need to access with another user? You can write me a DM.

    As with ANY HTB machine. If you manage to get access onto the box but can’t access the user.txt file then something more needs to be done.

    Majority of the time it is that you need to priv esc somehow to the higher user in order to get the user.txt

    Don't forget to +respect if I have helped you out at all.

    Happy Hacking!

    https://www.hackthebox.eu/home/users/profile/135164

  • Spoiler Removed

    Saker

  • I'm currently trying to S** with M***. Got the key from i_r***bk, but when I enter the passphrase I get a "Connection closed by 10.10.10.160 port 2*". But this is supposed to work, right?
    Is the box (on EU Free 1) in an invalid state? Is a reset needed?

    Hack The Box

  • Can someone with a spare few minutes message me so I can check a few things? Thanks

  • Does anyone have 5 minutes to help me jump on the train, please? I for sure follow rabbit and mouse holes

  • Hi guys. Starting to work on this machine but got stuck at the very beginning. Already found the service I am supposed to exploit to get the initial shell, but for it to work I need a username. How do you guys enumerate the usernames?

  • Many people got root with metasploit, but is there any way to get root without metasploit?
    I tried the uname command and exploitdb privilege escalation but it didn't work.

  • Finally rooted.. thx 4 this box, like it. PM me if u need a nudge

  • @nuxmorpheus01 said:

    Hi guys. Starting to work on this machine but got stuck at the very beginning. Already found the service I am supposed to exploit to get the initial shell, but for it to work I need a username. How do you guys enumerate the usernames?

    Maybe it's the wrong exploit/service to use? Enumerate more. Maybe you stumble across another service you can exploit.

    Hack The Box

  • Yesterday I finally got ROOT. But the strange thing is, I got root before user. And judging by the posts here, I seem to be not the only one.
    Really want to know how people got user the intended way.

    The initial foothold was really the hardest work on this. First I was trying to exploit the wrong service, and then when I found the right one, I realized that I had to learn a lot about it to make it work.
    Sadly the exploits on msf didn't work for me and I couldn't make them work. So I tried another way. But this was probably not the intended one ...
    When I finally found a user and password, it didn't work as I thought it would. And when I used the creds on another exploit, I was suddenly root ...

    Everything very strange, but all in all I liked the box, because it made me learn about a service I had never heard of before ...

    Hack The Box

  • @theonemcp said:

    @nuxmorpheus01 said:

    Hi guys. Starting to work on this machine but got stuck at the very beginning. Already found the service I am supposed to exploit to get the initial shell, but for it to work I need a username. How do you guys enumerate the usernames?

    Maybe it's the wrong exploit/service to use? Enumerate more. Maybe you stumble across another service you can exploit.

    The service I am trying is the r***s. I think it is the same one everyone else is using.

  • I am such a noob, I've worked on this for 3 days and I know it's my first box but I just can't get a start. I found the services R**** and W***** but have no clue what to do. I used dirbuster, nikto and Burp on http but still, I am lost and do not know what I'm looking for. PM me for a nudge please.

  • First active box rooted. Learned a lot. PM if you need some hints.

  • edited January 14

    Can someone PM me? I'm mega stuck on foothold.

    Found R****, but none of the exploits seem to be working. I tried tinkering around with the EDB-options in metasploit, and even alternative exploit methods altogether, but nothing really seems to work here. Just errors / dead-silence galore.

    Feel free to PM me for help on boxes, but if my help was useful, do consider tossing me +1 respect!

  • I have a little question. I don't know if I'm on the right path

    Redis (error)   NOAUTH Authentication required.
    
  • Currently on a low priv shell and found the key. But when I use it, it's giving me an error Connection closed on port 22. PM me for nudges please.
