Postman

Hi am Noob i need some hints … i found exploit, it says system.exec not found. Please help.

did u find r***s.py ?

@Nonamex7 said:

hey guys!!
im a noob i need some hints i found the exploit but it seems missing few things if anyone can DM to help me :slight_smile:

Depends which exploit you’ve found. If it is one early one which needs credentials, you need to get the credentials.

Guys…i get:
“Connection closed by 10.10.10.160 port 22”
Do you have any suggestions ? Is it possible that i was blocked by too many attempts ? I did only 3 attempts though…

Rather enjoyed this machine thanks to the builders! :smile:

Hey Hackers. I need a nudge please. I’ve enumerated and found two ports that look more interesting than the others one runs a service starting with r the other starts with w. I’ve found a few articles on r that point to creating an authorized_keys file. which seems to work, but when I ssh i’m prompted for a password :frowning: I’m guessing the username is the same r word as the service? I’m pretty confident the users home dir is not in the usual place. Can’t figure out where I’m going wrong… some have mentioned the hackers cookbook has a working example but i don’t have that pdf.

Please DM me if you think you know where i’m going wrong or can offer general guidance.
Chur

Type your comment> @Destroyervg said:

Guys…i get:
“Connection closed by 10.10.10.160 port 22”
Do you have any suggestions ? Is it possible that i was blocked by too many attempts ? I did only 3 attempts though…

yeah that happens sometimes keep trying

Type your comment> @marchitect said:

Hey Hackers. I need a nudge please. I’ve enumerated and found two ports that look more interesting than the others one runs a service starting with r the other starts with w. I’ve found a few articles on r that point to creating an authorized_keys file. which seems to work, but when I ssh i’m prompted for a password :frowning: I’m guessing the username is the same r word as the service? I’m pretty confident the users home dir is not in the usual place. Can’t figure out where I’m going wrong… some have mentioned the hackers cookbook has a working example but i don’t have that pdf.

Please DM me if you think you know where i’m going wrong or can offer general guidance.
Chur

meh - ingore - i was being super noob and forgot to add a required directory to the path where you’d find an authorized_keys file lololol

finally rooted!
I didn’t get Mt’s shell. Is there any other ways rs - M*t - root ?

@snowleaf said:

finally rooted!
I didn’t get Mt’s shell. Is there any other ways rs - M*t - root ?

The privesc opens the doors for shells, if nothing else you can do it with MSF.

I have read hint after hint and cannot seem to gain access to the initial shell using re***. If anyone can PM me that would be great!

Hello, i trying use exploit for postman(webmin) but when i have use exploit i have error "

[*] Started reverse TCP handler on 10.0.2.15:4444 
[-] Exploit aborted due to failure: unknown: Failed to retrieve session cookie
[*] Exploit completed, but no session was created.

i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.

Hello.
I start the hacking…
The first step is w****n no ?

@Reverse87 said:

i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.

Is this for the final step of privesc or initial foothold.

If its the initial foothold, you might want to show options and check you have everything you need for the exploit to work.

rooted this yesterday!! I feel like this is one of the easier machines that requires some manual work (which I prefer). Shoot me a msg if you end up getting stuck.

Type your comment> @TazWake said:

@Reverse87 said:

i use kali on VM, what i do wrong? I tried to do it with the help of burpsuite, but despite the fact that there are a lot of solutions in the net with his help, something does not work for me: D, otherwise using the guide is pointless.

Is this for the final step of privesc or initial foothold.

If its the initial foothold, you might want to show options and check you have everything you need for the exploit to work.

I added RHOSTS, SSL, LPORT, username and password the ones he wants to add, or the ones he logs in to webmin?

My step:

  • scan postman, i see the webmin version is vulnerable, I run msfconsole, fill in the data, run the exploit and nothing else, I get that it can’t create a session.

Type your comment> @Reverse87 said:

I added RHOSTS, SSL, LPORT, username and password the ones he wants to add, or the ones he logs in to webmin?

My step:

  • scan postman, i see the webmin version is vulnerable, I run msfconsole, fill in the data, run the exploit and nothing else, I get that it can’t create a session.

Do you have credentials which work on the vulnerable service?

Type your comment> @TazWake said:

Type your comment> @Reverse87 said:

I added RHOSTS, SSL, LPORT, username and password the ones he wants to add, or the ones he logs in to webmin?

My step:

  • scan postman, i see the webmin version is vulnerable, I run msfconsole, fill in the data, run the exploit and nothing else, I get that it can’t create a session.

Do you have credentials which work on the vulnerable service?

No :confused: i tried use burpsuite but not working :frowning: I find on github Dog9w23 exploit for webmin 1.910 but i don’t have sid. I checked in the browser cookie but there is no sid. Do I need to use a hole in webmin to get the data? The problem is that I can’t, I still get burpsuite to provide login details.

@Reverse87 said:

No :confused: i tried use burpsuite but not working :frowning: I find on github Dog9w23 exploit for webmin 1.910 but i don’t have sid. I checked in the browser cookie but there is no sid. Do I need to use a hole in webmin to get the data? The problem is that I can’t, I still get burpsuite to provide login details.

So, if you dont have credentials, attacking the vulnerable service is not the right thing to do. Move on from that port unless you get credentials.

There is another port you need to focus on, but MSF wont help you.

Type your comment> @TazWake said:

@Reverse87 said:

No :confused: i tried use burpsuite but not working :frowning: I find on github Dog9w23 exploit for webmin 1.910 but i don’t have sid. I checked in the browser cookie but there is no sid. Do I need to use a hole in webmin to get the data? The problem is that I can’t, I still get burpsuite to provide login details.

So, if you dont have credentials, attacking the vulnerable service is not the right thing to do. Move on from that port unless you get credentials.

There is another port you need to focus on, but MSF wont help you.

So for now, port 10000 drops out until I get authorization. If MSF doesn’t help me, the easy task becomes difficult: D On all the guides I saw that everyone used burpsuite for postman and nothing else. I can’t even find the correct SID for now; /

i tried use python exploit to enumerate, but i have error: "

    paramiko.common.MSG_SERVICE_ACCEPT]```

```Traceback (most recent call last):
  File "ssh.py", line 30, in <module>
    old_parse_service_accept = paramiko.auth_handler.AuthHandler._handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
TypeError: 'property' object has no attribute '__getitem__'

ssh.py is 45233.py