Postman

Type your comment> @lolokidd said:

Type your comment> @MonocleHat said:

(Quote)
Found both, stuck as well. I’ve been trying to exploit ‘R***’ >> BindFailed The address is already in use or unavailable :slight_smile: But then again, this is my first HTB :slight_smile:

U dont need an exploit for it. The server is incredibly misconfigured use that to get what u need

Am I just dumb AF or is there a trick to getting the foothold on here. I feel like I’m doing the right thing but I’m obviously missing something. if you can help me start off I’ll let you know what I’ve done so far (don’t wanna post spoilers).
Thank you!

Type your comment> @Raqune said:

Am I just dumb AF or is there a trick to getting the foothold on here. I feel like I’m doing the right thing but I’m obviously missing something. if you can help me start off I’ll let you know what I’ve done so far (don’t wanna post spoilers).
Thank you!

I would recommend that you scan all ports first, you might also have to install a command line interface tool to interact with one of the services you have found in the initial scan.

Type your comment> @mach1ne said:

I would recommend that you scan all ports first, you might also have to install a command line interface tool to interact with one of the services you have found in the initial scan.

no, i got the service. but I cant figure out how to ket my stuff on there

Type your comment> @LMAY75 said:

Type your comment> @lolokidd said:

Type your comment> @MonocleHat said:

(Quote)
Found both, stuck as well. I’ve been trying to exploit ‘R***’ >> BindFailed The address is already in use or unavailable :slight_smile: But then again, this is my first HTB :slight_smile:

U dont need an exploit for it. The server is incredibly misconfigured use that to get what u need

Good to know, thanks for that :slight_smile:

Can somone DM me with the help with the CVE?
I got the user and etc, but cannot get the CVE to work. I’m pretty sure I’ve sorted SSL on it. Not sure what else to do.

Type your comment> @Raqune said:

Type your comment> @mach1ne said:

I would recommend that you scan all ports first, you might also have to install a command line interface tool to interact with one of the services you have found in the initial scan.

no, i got the service. but I cant figure out how to ket my stuff on there

Sometimes you can get inside anonymously. :smile: ss*-key generation tool will come in handy. It is possible to upload 1 type of key inside a database, you use another type of key to authenticate.

Packetstormsecurity has a great article on remote command execution on r**** service.
If this is a spoiler, PM I will remove it.

Type your comment> @mach1ne said:

Sometimes you can get inside anonymously. :smile: ss*-key generation tool will come in handy. It is possible to upload 1 type of key inside a database, you use another type of key to authenticate.

Packetstormsecurity has a great article on remote command execution on r**** service.
If this is a spoiler, PM I will remove it.
Thank you for your help. I got it eventually!

[Edited] I tried something else, it worked. User : check.

Stuck at the final part to get root.
“Exploit aborted due to failure: unexpected-reply: Failed to upload file”
Dont know what im missing, got creds on the web, ssl enabled.
it whould be appreciated If someone can point me on the right direction.

■■■, trying to get to user I got root lol.

Feel free to PM me for any doubts!

First box after taking several months break from HTB. Really enjoyed it. As usual, ping me if you need any help.

When I’m trying to connect with m**t’s key I get the error message:
Load Key “keygoeshere” error in libcrypto.

Is this a formatting problem?
J**n was able to read the key properly.
Any help appreciated.

@Quint0r said:

When I’m trying to connect with m**t’s key I get the error message:
Load Key “keygoeshere” error in libcrypto.

Is this a formatting problem?
J**n was able to read the key properly.
Any help appreciated.

When you say you are trying to connect as that account, what do you mean?

I dont think you can connect as the account but you can do something else to switch into it.

Postman has me stumped. I was able to successfully s** as r**. Then found user M***. Now trying to copy user.txt onto local machine, but I keep getting asked for a password? Am I missing something here? Any hints?

Squeeeeeeeeps.

if this gives too much away PM me and I’ll take it down…

I need help
Warning: identity file id_r*a not accessible: no such file or directory.
This Asking password

I got a shell on postman. Having and issue downloading the root.txt for the hash. Anybody else having an issue navigating with the python shell?

My very first box rooted. Definitely not an easy process.
Thanks to the community for the amazing support!

̶C̶a̶n̶ ̶a̶n̶y̶o̶n̶e̶ ̶c̶o̶n̶f̶i̶r̶m̶ ̶i̶f̶ ̶t̶h̶e̶r̶e̶’̶s̶ ̶a̶ ̶p̶r̶o̶b̶l̶e̶m̶ ̶w̶i̶t̶h̶ ̶t̶h̶e̶ ̶s̶h̶e̶l̶l̶/̶m̶a̶c̶h̶i̶n̶e̶?̶ ̶I̶’̶v̶e̶ ̶u̶s̶e̶d̶ ̶t̶h̶e̶ ̶u̶s̶e̶r̶ ̶c̶r̶e̶d̶e̶n̶t̶i̶a̶l̶s̶ ̶I̶ ̶f̶o̶u̶n̶d̶ ̶(̶M̶̶̶̶ ̶a̶n̶d̶ ̶c̶̶̶̶̶̶̶̶̶̶̶8̶)̶ ̶ ̶a̶n̶d̶ ̶u̶s̶i̶n̶g̶ ̶t̶h̶e̶ ̶e̶x̶p̶l̶o̶i̶t̶ ̶o̶n̶ ̶m̶̶f̶ ̶g̶o̶t̶ ̶i̶n̶.̶ ̶I̶’̶v̶e̶ ̶b̶e̶e̶n̶ ̶u̶n̶a̶b̶l̶e̶ ̶t̶o̶ ̶n̶a̶v̶i̶g̶a̶t̶e̶ ̶d̶i̶r̶e̶c̶t̶o̶r̶i̶e̶s̶ ̶i̶n̶ ̶W̶̶̶̶̶*̶ ̶a̶n̶d̶ ̶c̶a̶n̶ ̶o̶n̶l̶y̶ ̶s̶e̶e̶ ̶f̶i̶l̶e̶s̶ ̶i̶n̶ ̶t̶h̶e̶ ̶o̶n̶e̶ ̶f̶o̶l̶d̶e̶r̶.̶ ̶c̶d̶ ̶c̶o̶m̶m̶a̶n̶d̶ ̶d̶o̶e̶s̶ ̶n̶o̶t̶ ̶w̶o̶r̶k̶,̶ ̶w̶h̶o̶a̶m̶i̶ ̶s̶h̶o̶w̶s̶ ̶r̶o̶o̶t̶ ̶-̶ ̶b̶u̶t̶ ̶n̶o̶t̶h̶i̶n̶g̶ ̶w̶o̶r̶k̶s̶.̶ ̶C̶a̶n̶ ̶a̶n̶y̶o̶n̶e̶ ̶t̶e̶l̶l̶ ̶m̶e̶ ̶w̶h̶a̶t̶’̶s̶ ̶h̶a̶p̶p̶e̶n̶i̶n̶g̶ ̶h̶e̶r̶e̶?̶ ̶I̶t̶’̶s̶ ̶b̶e̶e̶n̶ ̶t̶h̶i̶s̶ ̶w̶a̶y̶ ̶f̶o̶r̶ ̶m̶o̶r̶e̶ ̶t̶h̶a̶n̶ ̶a̶ ̶d̶a̶y̶ ̶s̶o̶ ̶f̶a̶r̶.̶

edit: nvm i figured it out. It was right there dunno how i missed it.