Postman

I own it.

PM me , I will give some hint.

If it is helpful, please respect me.

Hack The Box

A hint for those who got stuck at a stupid thing: If you are not allowed to put a p*b file into someone’s home directory, you should really figure out whether the directory you have permission on belongs to someone else.

@TheCyberGeek Thanks for the box,

User: Sometimes vulnerable versions are not precise. Look where you are and what is near you before moving things around, remember there are other people hacking the box so things may change before you can exploit.

Root: Think about what you have, you probably already found the vulnerability.

Rooted !
I’ve learned a lot of with this box
User : make a good scan and search for exploits
Root : check for CVE

If you are blocked, don’t hesitate to PM me :slight_smile:

I’ve generated an SSH key and copied it successfully to the R***s server but am failing to SSH into it. Would appreciate some help!

Any hints on getting a foothold. I found an exploit that I believe is correct but Its not working. Any nudges would be greatly appreciated.

hey everyone
just rooted this machine
was a lot of fun and learnt a ■■■■ of a lot on the way

however I’m curious, the people who got root before user, how did you do it?
the path i went down i can see a way to do it but you’d have to make some assumptions…

nvm wrong post.

Type your comment> @mach1ne said:

Hello everyone, I am new here.
I got low level access using h with r** user, after that I found i****.bak file but don’t know how to use/crack it. What should I be looking for, can somebody give me a hint?
Thanks.

Here’s a nice how to crack ssh keys: Beginners Guide for John the Ripper (Part 2) - Hacking Articles

NB: In my case the ssh2john.py was in this dir on kali: /usr/share/john/ssh2john.py

Type your comment> @MonocleHat said:

im completely stuck. Both the exploits i thought to work dont work either cause i cant config it right, or i just dont understand it…

I found rs and w*n but dont have any sort of clue how to use em

Found both, stuck as well. I’ve been trying to exploit ‘R***’ >> BindFailed The address is already in use or unavailable :slight_smile: But then again, this is my first HTB :slight_smile:

Type your comment> @lolokidd said:

Type your comment> @MonocleHat said:

(Quote)
Found both, stuck as well. I’ve been trying to exploit ‘R***’ >> BindFailed The address is already in use or unavailable :slight_smile: But then again, this is my first HTB :slight_smile:

U dont need an exploit for it. The server is incredibly misconfigured use that to get what u need

Am I just dumb AF or is there a trick to getting the foothold on here. I feel like I’m doing the right thing but I’m obviously missing something. if you can help me start off I’ll let you know what I’ve done so far (don’t wanna post spoilers).
Thank you!

Type your comment> @Raqune said:

Am I just dumb AF or is there a trick to getting the foothold on here. I feel like I’m doing the right thing but I’m obviously missing something. if you can help me start off I’ll let you know what I’ve done so far (don’t wanna post spoilers).
Thank you!

I would recommend that you scan all ports first, you might also have to install a command line interface tool to interact with one of the services you have found in the initial scan.

Type your comment> @mach1ne said:

I would recommend that you scan all ports first, you might also have to install a command line interface tool to interact with one of the services you have found in the initial scan.

no, i got the service. but I cant figure out how to ket my stuff on there

Type your comment> @LMAY75 said:

Type your comment> @lolokidd said:

Type your comment> @MonocleHat said:

(Quote)
Found both, stuck as well. I’ve been trying to exploit ‘R***’ >> BindFailed The address is already in use or unavailable :slight_smile: But then again, this is my first HTB :slight_smile:

U dont need an exploit for it. The server is incredibly misconfigured use that to get what u need

Good to know, thanks for that :slight_smile:

Can somone DM me with the help with the CVE?
I got the user and etc, but cannot get the CVE to work. I’m pretty sure I’ve sorted SSL on it. Not sure what else to do.

Type your comment> @Raqune said:

Type your comment> @mach1ne said:

I would recommend that you scan all ports first, you might also have to install a command line interface tool to interact with one of the services you have found in the initial scan.

no, i got the service. but I cant figure out how to ket my stuff on there

Sometimes you can get inside anonymously. :smile: ss*-key generation tool will come in handy. It is possible to upload 1 type of key inside a database, you use another type of key to authenticate.

Packetstormsecurity has a great article on remote command execution on r**** service.
If this is a spoiler, PM I will remove it.

Type your comment> @mach1ne said:

Sometimes you can get inside anonymously. :smile: ss*-key generation tool will come in handy. It is possible to upload 1 type of key inside a database, you use another type of key to authenticate.

Packetstormsecurity has a great article on remote command execution on r**** service.
If this is a spoiler, PM I will remove it.
Thank you for your help. I got it eventually!

[Edited] I tried something else, it worked. User : check.

Stuck at the final part to get root.
“Exploit aborted due to failure: unexpected-reply: Failed to upload file”
Dont know what im missing, got creds on the web, ssl enabled.
it whould be appreciated If someone can point me on the right direction.