Postman

I can’t work on this box because it keeps becoming unreachable every 20 seconds.

So annoying… Can someone have a look at the machine? I’m on the edge-us-vip-14.hackthebox.eu VPN.

Besides, I have reached the initial foothold. PM me if you need any help with that stage.

Rooted the easy way. If anyone completed the privesc manually I would like to know how you did it.

@Nexe said:

Hey guys, just got user access, trying to use a m**** module on w***n but I’m getting a “cookie error” and “no session was created”. Am I on the right way? I don’t mind some hints :s nvm, got it working. Hint for this error: don’t forget SSL like I did…

ROOTED !

pm me for hints/nudges

Thanks, @Nexe :slight_smile: That “don’t forget ssl” really helped me big time, got it right away.

Ok, this box is driving me crazy :stuck_out_tongue:

I managed to get a foothold using the “An Ethical Hacker’s Cookbook” good read :slight_smile:
Then I try it again and I get permission denied when attempting to SSH.

That aside (for now) when I was inside there, I managed to see an interesting file “*.bak”

Tried to crack it using john and the usual file but no go… am I on the right track here?
A nudge would be good :slight_smile:

Cheers!

Ok, updated, got my foothold back, typos in my commands :stuck_out_tongue: (head smack)

Still need the nudge for the *.bak file…

Rooted.
Thanks @rholas and @sckull for your help :slight_smile:

@lhh4sa said:

Is anyone having issues with getting the S** key to the right file location in R****? I keep getting a password prompt after I follow the steps.

I think someone is also using the same exploit as you are! Or maybe someone just altered the rds to be read-only!

@lhh4sa said:
I cannot for the life of me find the file needed for gaining user access after gaining the initial foothold. Pretty sure I am blind and it’s staring me in the face.

Any help would be greatly appreciated, trying to root my first box.

Just enumerate it real hard, bro, maybe you just missed it.

@acidbat said:
Ok, this box is driving me crazy :stuck_out_tongue:

I managed to get a foothold using the “An Ethical Hacker’s Cookbook” good read :slight_smile:
Then I try it again and I get permission denied when attempting to SSH.

That aside (for now) when I was inside there, I managed to see an interesting file “*.bak”

Tried to crack it using john and the usual file but no go… am I on the right track here?
A nudge would be good :slight_smile:

Cheers!

Ok, updated, got my foothold back, typos in my commands :stuck_out_tongue: (head smack)

Still need the nudge for the *.bak file…

Bro, when using john and cracking that file, what’s the first thing you must do before you can crack it?

@6062055 said:

@Nexe said:

Hey guys, just got user access, trying to use a m**** module on w***n but I’m getting a “cookie error” and “no session was created”. Am I on the right way? I don’t mind some hints :s nvm, got it working. Hint for this error: don’t forget SSL like I did…

ROOTED !

pm me for hints/nudges

Thanks, @Nexe :slight_smile: That “don’t forget ssl” really helped me big time, got it right away.

Hey! Thanks for the hint. But I haven’t been forgetting the SSL, got the creds required for the exploit (M***, c***********), figured out that we have the pk* u**** privs for our user M*** but the exploit ends with “Exploit completed but no session was created”.

Any pointers on where I might be going wrong?

EDIT: Got user. For root → Still the same problem. Any pointers on what could be going wrong? I am using the w*****p********* exploit. SSL set to true. Not working man. Really frustrated at this point.

Got root before user. This machine is pretty difficult and frustrating for an easy one. Nothing worked out of the box and I had to carefully prepare each exploit and then find out why it doesn’t work as it should.

Initial foothold was a great learning experience for me, user taught me an important lesson as well. Really enjoyed the box!

Tried running rockyou.txt on the pri**** S** e but no luck so far after 25 minutes. My fans are going like it’s the end of its life.

Is there an easier way to do this than buying a Geforce GTX 20 series card? Hahah!

Edit: I’m so silly; I didn’t even see the password that came up. I got the second user now. :))

Hi, I’ve just finished this machine, thanks @OddRabbit and @misthi0s for the help at the foothold. If anyone needs a nudge to get user or root just PM me :slight_smile:

@wewppp said:

@acidbat said:
Ok, this box is driving me crazy :stuck_out_tongue:

I managed to get a foothold using the “An Ethical Hacker’s Cookbook” good read :slight_smile:
Then I try it again and I get permission denied when attempting to SSH.

That aside (for now) when I was inside there, I managed to see an interesting file “*.bak”

Tried to crack it using john and the usual file but no go… am I on the right track here?
A nudge would be good :slight_smile:

Cheers!

Ok, updated, got my foothold back, typos in my commands :stuck_out_tongue: (head smack)

Still need the nudge for the *.bak file…

Bro, when using john and cracking that file, what’s the first thing you must do before you can crack it?

Yup, got it now :slight_smile:
User flag done, on to root

alright rooted

Thank you very much @TheCyberGeek - it was a good learning curve for me :slight_smile:
Also a thank you to @rholas and @J0hnD03 for the nudges :slight_smile:

Foothold: Plenty on the forum but read the ‘An Ethical Hacker’s Cookbook.pdf’ and pay attention to the images + text (they are not always the same…)
User: Good juicy backup file you can have a look at and ask SS*John to help you out followed by his friend John, together they can rock you with a solution.
Root: As everyone keeps saying: CVE, I bummed out a little there on the listening address

How much time does John need to finish his job? I started it 3 hours ago and he is still working…

I made a stupid mistake…

Rooted!

Make sure to thoroughly nmap/scan/info gather at first to find a foothold. You should see more than just 2 low number ports open. Google around, this was my first time working with the protocol and it was quite involved.

Once you have your foothold, identify users on the machine and dig for any files they own in the file tree. The file will give you information to escalate to user. Don’t get thrown off by the fact that the file itself may not be used other than to recover creds.

Root was rather easy. I love Metasploit.

Good luck, PM or Valor in Discord if you need anything.

@c4ph00k said:

How much time does John need to finish his job? I started it 3 hours ago and he is still working…

I made a stupid mistake…

Bro, just use the most common wordlist that you can find, like rkyo*.txt

@wewppp said:

@c4ph00k said:

How much time does John need to finish his job? I started it 3 hours ago and he is still working…

I made a stupid mistake…

Bro, just use the most common wordlist that you can find, like rkyo*.txt

I made a mistake with another file and not the correct one; I solved it and john works correctly with rkyo*.txt. I got the user flag, now I’m working on root.
Thanks.

Edited - rooted. I dislike the root part a bit, I used msf. Did somebody use a different approach? If yes, can you kindly PM me?

I quite liked this puzzle, I think it was perfect for me as a first box. Although I must say that the ik file and the fact that it was possible to s into the r**** user felt a bit artificial to me. At least on Ubuntu, by default I get nologin for the user r**** and I can’t see why anyone would change that.