Postman

dorian5 · February 29, 2020, 4:46pm

Rooted. Almost gave up on getting initial shell. Went through all the hints here and still wasn’t searching in the right place for the longest time. Once I got the shell L*****m quickly found the interesting file. After that, escalated straight to root via W****n exploit. Very new at this, so every box a learning experience. Thanks, @TheCyberGeek!

slingblade1980 · March 1, 2020, 9:43am

Hey guys, am at what I think is the final part of the box. I got entry shell then user creds for *T. Tried said creds for the high port number logged in and came right there, moved on to M but keep getting a "Exploit failed: Errno::ENOTCONN Transport endpoint is not connected - getpeername(2): error when I try to run the exploit. Have I missed something. this has been going on for a while now. Gentle nudge would be appreciated. P.S. if I have given away to much info here PM me and I will delete.

EDIT:
Nevermind, got him! In front of my eyes the whole time as usual! Rooted!

jiaxsun · March 1, 2020, 4:15pm

I’m stuck trying to figure out how to find usernames on the system. I’m aware of r****-c** and I believe I know the exploit, but It needs a username, and I’m new enough at this where I’m having trouble figuring out how to find it. Any hints?

kernelmahdi · March 1, 2020, 7:56pm

Found the webmin password with hydra [10000][http-post-form] host: 10.10.10.160 login: root password: XXXXXXXXXXXXX.

When I try to login I keep getting this message : Access denied for 10.10.14.X. The host has been blocked because of too many authentication failures.

help ?

T4t1k · March 1, 2020, 8:34pm

whoami
root
id
uid=0(root) gid=0(root) groups=0(root)

exploit for user was hard to find But root is very easy

WR47H · March 1, 2020, 9:57pm

wow that r****s did a number onme…we keep overwriting eachother lol
anyway thanks for the box
all the exploits are cve goodluck
peaceout

Dr0g0n · March 2, 2020, 1:18am

Rooted! I really enjoyed this machine!
User exploit and root exploit are pretty easy to find online.
Thank you for all the tips!

kernelmahdi · March 2, 2020, 1:41am

Just rooted Postman !!! thanks to @Schex @AidBucket @Arbitrary @Maddy

visiblyshak3n · March 2, 2020, 4:03am

Rooted finally and learned so much about r****s on this one. Thanks to all those who gave tips.

de7fx10 · March 2, 2020, 7:43am

Type your comment> @xorcist said:

Finally, got a root privilege. Straightforward box.
Everybody knows enumeration is key, but I have missed and stuck in rabbit hole.
I generally use ‘nmap -sC -sV’ options, but do we always have to use nmap deep scan at the first stage? Once we investigated few vulnerabilities against unusual services, then following processes were similar to Traverxec. If anyone still in the cloud,message me.

@fearlessmcp said:
i found ik and i decrypt it and i got c8.Then I used it to login user @M*** but it say Connection closed by 10.10.10.160 port 22

same here…no luckk

d4ddyd4rth · March 2, 2020, 7:54am

Type your comment

RybinR · March 2, 2020, 10:56am

Spoiler Removed

hur · March 2, 2020, 1:45pm

For root, I think I’m doing everything correctly but the mt exploit is not working… I’ve set s’l to t’‘e and have u’‘r M’'t and c*8 but it’s failing to retrieve session cookie. CE ***9-'‘84’. Any hints?

EDIT: nvm got it. rooted

MiniClem001 · March 2, 2020, 2:00pm

Type your comment> @hur said:

For root, I think I’m doing everything correctly but the mt exploit is not working… I’ve set s’l to t’‘e and have u’‘r M’'t and c*8 but it’s failing to retrieve session cookie. CE ***9-'‘84’. Any hints?

Have you tried to tickle with the SSL option ?

Rajackar · March 2, 2020, 3:57pm

Just got my first 0wn with this one. Took me a long time to get user but root was super easy.
A lot of thanks to everyone who posted hints here.
Still not entirely sure how I should’ve figured out the r**** path but it worked at some point.

GGhaley · March 2, 2020, 4:18pm

I feel like I’m totally stuck. After hours and hours of research, I finally got my hands on r****-***, uploaded the *** key, but from there I have no idea what to do. If anyone can give me a guiding hand via PM, I would really appreciate it, it’s my first box and I’m totally new to this.

pp123 · March 2, 2020, 10:34pm

This was a very nice box. A little confusing when getting the user info.

The exploit gave me root directly. Not sure if that was the intended way. If anyone needs some help let me know.

pp123

curryrice · March 3, 2020, 8:03am

i’m trying to ssh in as m*** (i have the key and the passphrase) but it keeps saying “Connection closed by 10.10.10.160 port 22”

is this supposed to happen?

MiniClem001 · March 3, 2020, 8:06am

Type your comment> @deetee1 said:

i’m trying to ssh in as m*** (i have the key and the passphrase) but it keeps saying “Connection closed by 10.10.10.160 port 22”

is this supposed to happen?

You’ll have your answer in the sshd config file.

GGhaley · March 3, 2020, 5:58pm

2 days but I rooted my first box thanks to @eviltor13
Thank you so so much for your help!

PM for tips, I’m more than willing to pay back the help I got