Postman

Finally did it, rooted! Was missing the obvious, so annoying when that happens. Still, great box, really enjoyed the journey, thanks @TheCyberGeek

Hey,
Which one could give me a clue about the u******* to use for S** when I injected my k** via R***s?

I’ve been blocking for a week now…

EDIT : Ok… now it’s work i don’t know how …

EDIT : Fuck me i m so tard …

EDIT : Rooted…

Could anyone reset the machine? It says I’ve reached the limit for today. I owned user and cannot get access anymore now due to someone breaking r***s.

rooted :slight_smile:
I didn’t manage to get the m thing to run for root so I crafted my own h***-r******. Maybe someone wants to share their way via PM? I never use the m thing, because it never works for me. Maybe there is something wrong with my installation?
Cheers!

Rooted! Thank you for all the support!
There’s really plenty of information to solve this challenge in the comments. Probably too much.

What took me so much time was the inconsistency of the “magic value” you’re able to retrieve.
It doesn’t work for the most obvious thing you’d think it works, you need a workaround but that in the end isn’t even necessary.

Then, there’s a service that you could not exploit before but now you can, however the “magic value” wasn’t working for me and I tried it multiple times. So I just left it as is and tried other paths.

In the end I’m happy with the experience, happy with my first hacked box, however I also lost too much time on really trivial things :stuck_out_tongue:

Stuck at last step for user, need a nudge. PM please

user? @mrdebator? just enumerate it again and again find the one that’s in front of you, but something that’s not something your supose to find!!! hahahaha

not: just report this if it’s a spoiler!!

rooted!
initial shell:
scan harder!!!
user:
just enumerate it harder!
root:
ask google for answere!
just report it as spoiler if it is too much!

I’m very stucked, in r***s service, I would appreciate your help!!

bro don’t stick to one instead capitalized the available results that you have maybe you can use it to gain a shell remember! google is your friend in this stage!

Cracked s** ky but don’t know how to use it. Every s** lg*n attempt fails.

PS - report if spoiler

Can’t get the reverse shell to work… Just says Warning! Webmin has detected that the program…

Any hints?

DONE IT !.. Good box.

Spoiler Removed

Spoiler Removed

Uhm…
So I was able to skip user altogether ._.
Initial foothold → Root
PM me how you got user after initial.

nvm, I derped

rooted! thanks to hackerB31 and jpcweb for the hints!

Am beginner of HTB. I tried R**** exploit. Reverse, interactive shell and R****-CLI not connecting.
What should i do help me.? Which website’s document is correct for R**** exploit…

I exploited re*** and find backup user . Who can tell me what is next step ?

i got the i*_r**.b** file but i dont get any results using the common way for processing and cracking this type of file. is there anything i am missing?