Postman

Rooted! PM me if you need help.

Thank you @TazWake for your guidance.

My second box Completed
Feel free to Pm me

i got the i*_*** and i have the key to get it but the server kicks me out with
Connection closed by ********** port **
am i doing anything wrong??

Finally! Once I used the right exploit for user things fell into place. User is dependent on the correct exploit and looking for important things that might be backed up somewhere. Find some cracks in the backup file and look at the list of open ports. Reuse some of that info and you’ll be well on your way. Fun box! As some others have said, I got the root flag and then the user flag.

Hey guys, I’ve managed to figure out r****-*** but now unable to find what will allow me to go to where i need to go. Looking at some articles for the service - it’s showing add something into s** but not able to figure out how to get the missing info i need to do that and guesses return a permissions denied error. Any nudges on what i’m overlooking?

got the foothold via manual process, owned user M*** now working on root. love the challenge.

Update - got roots

Fun box! Feel free to pm if you need help.

Tips (most of which have been covered, redact as necessary):

Initial: Many will find the initial foothold to be the most time consuming. There is enticing low hanging fruit, but hold off until you’ve done a full scan to see what you can work with. The vulnerable service has plenty of documentation and scripts available, but will require a little code bending to suit your environment. Read the documentation on the vulnerable service and figure out what commands will allow you to enumerate the system. Read error messages, too - they’re well covered for what you need to get your initial foothold.

User: System enumeration is much easier now. Acquiring user credentials is very similar to OpenAdmin and Traverxec, but you may find another step is necessary. So Understand why it’s occurring and try moving laterally.

Root: Don’t forget your initial enumeration and see if you can fill in the blanks. At this stage, if you’ve documented what you’ve come across thus far, it’s all on you to put the pieces together and you will have root. It’s not uncommon for folks to inadvertently get root before user.

Okay, so I got both flags at the same time. I must’ve missed something along the way…

Spoiler Removed

Type your comment> @iSmarsh said:

I’ve tried using the method on the Ethical Hacker cookbook, everything seems to work fine (I’ve written an .sh script to automate it all) but once it attempts to ssh in using my id_rsa key, it also asks for password. Any idea how to bypass this? Am I on the right path or is there something I’ve missed?

Please ignore the above! I had to set the correct user :wink:

I have the same problem! How have you solved it?

ROOTED

anyone able to ssh into the box? i have the paraphrase and the priv keys. Connection closed by 10.10.10.160 port 22 is what i get.

any nudge will help. Please PM me

got user. up next root.

ROOTED. PM FOR HINTS

got user, now we’ll try root

Changing the directory in r**** gives me a permissions denied. I also tried s** as root and get asked a password when both keys are set up.

Got root before user. I think I did this a more complicated way than what was needed. Thanks for a good box!

Hi,
Anyone can give me a nudge in pm for this box please?
I’ve found the r—s port, I managed to get c-----t key and r-- backup.
But now i’m locked, john don’t want these files.
Thanks

Type your comment> @MrCrame said:

Hi,
Anyone can give me a nudge in pm for this box please?
I’ve found the r—s port, I managed to get c-----t key and r-- backup.
But now i’m locked, john don’t want these files.
Thanks

Check to see what exploits exist for r—s, with one of them, you can have a shell with low privileges.

In my case I did it manually, it’s not complicated, it’s like 4 or 5 steps that you have to do.

Driving me mad this box! lol. I have tried alsorts of different approaches, and just as something looks promising, 2 minutes later I do the exact same and get different results. Grrrr

I suspect the correct approach is to import my own ssh keys, but I still can’t connect.

If anyone can help me along with a PM would be grateful.

rooted.

Initial foothold was the hardest part for me and took the most time. Spent way to much time on getting the path right. Once the access was there user and root was easy.