Postman

Type your comment> @wsurfer said:

hello, found r… port, logged in, tested with m…t but no luck, tried to save my i…ey to the a…keys for the user that already has the p…b key on the machine.
i see the k…y is writed with lot of “\n”, but not abloe to login. any hint, not an expert in redis, found also there is a s… user.

??? where are you stuck at???

Has anyone got root manually?

Finally Rooted manually.

Rooted! Thanks to jlsangom for the reminder to check for things to edit on files I was using…
For the foothold I was following guides from two different places and both of them had at least one incorrect instruction. The hardest part was figuring out what commands to follow from each.
Feel free to PM me if you’re getting stuck in the same place :slight_smile:

Rooted! fun box, learned a ton.

Foothold: the target service can be broken in multiple ways, if one way isn’t working then try and find another. Some methods are easier than others.

User: Just beacuse you don’t have the flag doesn’t mean you didn’t own user.

root: Don’t overcomplicate this one, everything’s in front of you. No need to do anything fancy.

pm for nudges

Rooted!
Low-level shell is the hardest part. Google for vulnerabilities and try to exploit it in manual mode, step by step.
User: enumerate, find is your friend.
Root: common CVE, can be easily exploited
Feel free to DM me, if you need some hints

Spoiler Removed

Rooted. Everything seems to be said in this thread. For hints just PM me

Guys, Please, tell me - if it possible to learn smth new or to get any experience if box is reset every fu…ing 3 minute? Why are you doing so? Maybe if smth goes wrong its not the way out to reset and to start it from the beginning? May be its time to sit and to think a bit what am i doing wrong? It’s a kind of mess - trying to get fu…ing low-level shell when ping is lost, box is reset, etc…
P.S. Sorry for emotions - a bit tired of this.

alright im lost yall ive tried all the exploits and saw here that the scripts need to be fixed so ive read them and dont see anythin that stands out i have no experience in C but my python is alright can i get a pm with some direction? i try not to ask for help but im really frustrated

Edit: rooted good god. i hate it when i finally figure it out and want to punch my own stupid face ■■■■.

I am having issues getting the initial foothold. I found a cve for w***** but I can’t seem to get a session created even though the exploit is running. Did anyone else have this issue? Maybe I need to think about it differently?

Same. Im frustrated and full of hate. Need initial foothold and tried everything

I feel like I’ve tried everything. I’m try to add s** k** to the correct path using r***-c**. I keep getting permission denied and I have spent hours trying to figure out how to enumerate users or directories? Can someone please DM me a hint??

can anyone tell me how i gain initial user credential on postman as i am noob. pls help.

Rooted!

Feel free to DM me if you need a hint :wink:

hey guys!!
im a noob i need some hints i found the exploit but it seems missing few things if anyone can DM to help me :slight_smile:

Rooted. Also got root and user at the same time. Initial foothold was difficult and required a lot of learning about the service. From there, common CVE, like mentioned in other posts, just make sure to type everything in accurately and think about dumb things users do.

All in all, it was interesting learning to gain initial foothold without a common tool.

Rooted, Fun box!
Foothold: the door your key is for might not be where you think it is
User: find the file give it to john
Root: fedex carries these

Rooted!
Seriously, once you have foothold, just look through everything. You will find something of interest. It is just laying around.

Hi am Noob i need some hints … i found exploit, it says system.exec not found. Please help.

did u find r***s.py ?