Postman has me stumped. I was able to successfully s** as r**. Then found user M***. Now trying to copy user.txt onto local machine, but I keep getting asked for a password? Am I missing something here? Any hints?
Finally rooted also this box. The user own was very easy… I had more difficults with the root flag. It’s an Easy box all you need is a good enumeration, find all credentials and use It for get the root. The right exploit is the Key from my perspective
Rooted! Thank you @TheCyberGeek, learned a lot about a certain service.
Foothold: That service isn’t supposed to be public-facing…
User: Enumeration will give you something to use on that other service. Flag will not come until later.
Root: searchsploit
Rooted. Almost gave up on getting initial shell. Went through all the hints here and still wasn’t searching in the right place for the longest time. Once I got the shell L*****m quickly found the interesting file. After that, escalated straight to root via W****n exploit. Very new at this, so every box a learning experience. Thanks, @TheCyberGeek!
Hey guys, am at what I think is the final part of the box. I got entry shell then user creds for *T. Tried said creds for the high port number logged in and came right there, moved on to M but keep getting a "Exploit failed: Errno::ENOTCONN Transport endpoint is not connected - getpeername(2): error when I try to run the exploit. Have I missed something. this has been going on for a while now. Gentle nudge would be appreciated. P.S. if I have given away to much info here PM me and I will delete.
EDIT:
Nevermind, got him! In front of my eyes the whole time as usual! Rooted!
I’m stuck trying to figure out how to find usernames on the system. I’m aware of r****-c** and I believe I know the exploit, but It needs a username, and I’m new enough at this where I’m having trouble figuring out how to find it. Any hints?