Postman

r3dr3b3l11 · November 29, 2019, 2:16am

Please stop rebooting the freaking box! So annoying!

paidtheprice · November 29, 2019, 2:40am

i dont know if that was me or not but i tried rebooting it and never saw it go down? do you know if/why the r----- shell exploit stopped working (maybe just for me?)

hacktheera · November 29, 2019, 4:02am

got the shell but not able to get privilege it , any help

Cyb3r3x3r · November 29, 2019, 7:06am

Need help getting the shell. Any help would be appreciated.

S0P00NG · November 29, 2019, 8:16am

Finally, got a root privilege. Straightforward box.
Everybody knows enumeration is key, but I have missed and stuck in rabbit hole.
I generally use ‘nmap -sC -sV’ options, but do we always have to use nmap deep scan at the first stage? Once we investigated few vulnerabilities against unusual services, then following processes were similar to Traverxec. If anyone still in the cloud,message me.

lesleybw · November 29, 2019, 8:45am

Just got root before I got user.Pretty weird but an awesome experience…
Only learnt a lot on the initial foothold really,root was just a very well documented CVE.

Feel free to pm for nudges.

Pin3apple · November 29, 2019, 10:55am

Got root, finally…

Initial shell: was much fun and I learned to use r**** allot better.

User:
Got stuck on simple enumeration, just keep it simple after initial shell and look where you normally also look.

Root:
Well… Not much to say. Root is a giveaway on this box.

If you need a nudge, PM me.

NFire0111111 · November 29, 2019, 3:12pm

Rooted ! Nice box
thanks for hints @N0tAC0p

Initial shell…
Well enumerate hard…!
User shell…
Check juice file
Root shell…
check what you have enumerated at the beginning…!

Void0x79 · November 29, 2019, 11:38pm

Hey all,
A nudge pls. I can see and connect to r****. cant upload due to read-only

bumika · November 29, 2019, 11:41pm

Type your comment> @EphemeralCodex said:

Hey all,
A nudge pls. I can see and connect to r****. cant upload due to read-only

There is a command that can set the writable mode again.

pouerccat · November 30, 2019, 1:10am

anyon DM for me…
i found liseten port 1**** on 10.10.10.160. this page Wm.
this page currently not work.
if it is work well. how i can get a account?
i use m***e tool. but it is not figure.

mrEv3 · November 30, 2019, 9:36am

Type your comment> @rholas said:

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

I got this and tried the recent 0day. while checking it through shell script it show “vulnerable”. Checked the video on youtube to get actual RCE. not didn’t work. should check the other service i.e. r***s

mrEv3 · November 30, 2019, 11:07am

Type your comment> @rholas said:

rs and w*n

10*** /pawod_chne.c*i intresting backdoor

I got this and tried the recent 0day. while checking it through shell script it show “vulnerable”. Checked the video on youtube to get actual RCE. not didn’t work. should check the other service i.e. r***s

c0nsid3rate · November 30, 2019, 8:42pm

Finally rooted this ■■■■■■. Great learning for me. Hints:

Initial Foothold:
Futzed with an exploit forever. The master/slave errors tend to be a thing with r***s, apparently. And did finally get the script modified to reflect the environment properly.

User:
I needed to do basic enumeration, but didn’t, so wasted a lot of time here. Also, doing the j**n things with the found thing was new to me.

Root:
M******** with things learned from user.

LiterallyNaked · December 1, 2019, 12:10am

Fun box thanks for the R***s lesson

RootMotus · December 1, 2019, 3:34am

root@Postman:~# id
uid=0(root) gid=0(root) groups=0(root)

but me i went directly root

My third box

Advice :
Step 1 scan deeper than usual with nmap
Step 2 Read, learn about a new service and is vulnerability (most educational part)
Step 3 enumerate when you get the initial shell until you find something interesting that you’ll need to examine
Step 4 add what you know with what you found somewhere (magic)

step 5 cve exploit

Good luck !

there is plenty of hint on the forum i did it without asking to somebody in DM and i have only 3 box so just read re read the forum and take your time

if you need help dm me and if i help you can bless me with a little respect+ on my profile ^^

GreyHat86 · December 1, 2019, 9:32am

Any DM’s on this would be a great help for foothold. Used R*****-I and followed well published documents online regarding keys. Also found an exploit that gives me access with a shell prompt, however, no basic commands return anything. Do I have to go back to the c? This defults to the tmp dir after bouncing the box.

Any nudges would be appreciated

amartinr · December 1, 2019, 10:46am

I arrived late to this…

I managed to get the unprivileged shell with r****-i. I eventually got disconnected. Now I cannot get again that shell using the same technique. Has anything changed on r**?

MactheDice · December 1, 2019, 3:23pm

Having r****-i come back with an error of sy**.e**c unknown… I know I am going in the right direction, but commands not recognized. DM help please.

amartinr · December 1, 2019, 3:40pm

Type your comment> @MactheDice said:

Having r****-i come back with an error of sy**.e**c unknown… I know I am going in the right direction, but commands not recognized. DM help please.

Enable verbosity on r****-**i and you’ll realize that might not be the right path.