Postman

Netool1337 · February 6, 2020, 12:37pm

thank U for is box !

LMAY75 · February 6, 2020, 10:54pm

Lol so of course the msf exploit isn’t working for Wn… is there a way to manually exploit the Se P*e U****e? I’m logged in as Mt.

EDIT
Never mind it started working… still would be interested to learn the manual exploit though if anyone knows it PM me

FF0066 · February 7, 2020, 2:20am

Trying (and failing) to exploit AUTH via r***s to gain initial foothold but I keep getting permission denied when trying to change the directory for the s_ _ keys part of that process. Bashing head against keyboard now…suggestions on what i’m missing here would be greatly appreciated

J14L3 · February 7, 2020, 6:00am

@FF0066 pm me if you still need

Arrow · February 7, 2020, 12:14pm

I was able to get a s**** using the r***s user but after that I am stuck. I also figured out the user I should jump to. I thought that the key could be ****.rb files but no luck.
Any hints on that?

TazWake · February 7, 2020, 12:33pm

@Arrow said:

I was able to get a s**** using the r***s user but after that I am stuck. I also figured out the user I should jump to. I thought that the key could be ****.rb files but no luck.
Any hints on that?

Enumerate the filesystem. Find something that really shouldn’t have been backed up. Copy it to your local system, crack it and use it to switch into the user you need to be.

Then you have valid credentials.

R3s7D0ne · February 7, 2020, 2:30pm

id
uid=0(root) gid=0(root) groups=0(root)

Feel free to ask if u want some hints abt this old box.

Get the cookbook and you will get it done.

GNinja490 · February 7, 2020, 6:13pm

Got root! This box really isn’t as hard as it seems, though it took me some time. Tips for user: just enumerate for everything that seems valuable; when you find something, don’t think too concretely, but rather try everything you can. I didn’t even realize until after the fact that I could have submitted root before user… DM for help.

menorevs · February 7, 2020, 8:15pm

Anyone on discord that I can talk with about R***s? Something is not clicking with me.

Thanks

drak3hft7 · February 7, 2020, 9:46pm

id
uid=0(root) gid=0(root) groups=0(root)

Yeah.

T13nn3s · February 7, 2020, 11:31pm

Cool, just rooted this box. Use part was the most difficult. In the first place i couldn’t find any thing useful on the box. After hours of searching I have find this file. Root was the most easy root ever. I certainly enjoyed this box! Need an nudge? DM me

FF0066 · February 8, 2020, 4:57am

Type your comment> @KernelPanicATD said:

Rooted! fun box, learned a ton.

Foothold: the target service can be broken in multiple ways, if one way isn’t working then try and find another. Some methods are easier than others.

User: Just beacuse you don’t have the flag doesn’t mean you didn’t own user.

root: Don’t overcomplicate this one, everything’s in front of you. No need to do anything fancy.

pm for nudges

This hint on user flag made it all completely click for me, thanks!

dojoku · February 8, 2020, 5:51am

hey i tried to copy my S** key using set command but got error
“(error) READONLY You can’t write against a read only slave.”

so what i have to do? trying to connect again from internal R*****-C** into localhost?

thePtrPn · February 8, 2020, 11:31am

good box, Easier than i thought. Was overthinking it at first, the connections kept cutting out.
initial foothold:
the *-cli is all you need, it is really easy to put something on, you’ll find it all in the forums
user:
just enumerate and something will stand out, something that shouldn’t necessarily be there. Then move laterally to the other user.
Root:
CVE

TazWake · February 8, 2020, 12:31pm

@dojoku said:

hey i tried to copy my S** key using set command but got error
“(error) READONLY You can’t write against a read only slave.”

so what i have to do? trying to connect again from internal R*****-C** into localhost?

I’ve never seen that error so I am not 100% sure but it implies you are writing to something which doesn’t allow you to write to it.

Recheck the locations you are specifying and make sure you think they are valid for this box.

dojoku · February 8, 2020, 3:11pm

Type your comment> @TazWake said:

@dojoku said:

hey i tried to copy my S** key using set command but got error
“(error) READONLY You can’t write against a read only slave.”

so what i have to do? trying to connect again from internal R*****-C** into localhost?

I’ve never seen that error so I am not 100% sure but it implies you are writing to something which doesn’t allow you to write to it.

Recheck the locations you are specifying and make sure you think they are valid for this box.

after reset the machine, the problem is gone.

TazWake · February 8, 2020, 3:32pm

@dojoku said:

after reset the machine, the problem is gone.

Awesome.

Divegeeky · February 9, 2020, 12:28am

This machine taught me some new concepts. I quite enjoyed it.

User was significantly harder for me then Root in my opinion. However I had never done this exploit method.

I will say, for those having issues…identify what is different…and then Ippsec basically outlines how to get foothold on another box. Use Ippsec.rocks…seriously.

dojoku · February 9, 2020, 1:04pm

got the root,
~~but im not sure this is the intended way. ~~
~~Because i got SUPER shell before LOW level shell. ~~
~~if anybody have another way using different path, i’m appreciate if you pm me. ~~
~~i think i need to learn it.~~

anyway thx to @TazWake @Arrow for the nudge

*My Bad, i didnt try basic priv escallation, so actually USER shell is the first step then rise to ROOT shell.

PawelMateja · February 9, 2020, 1:08pm

Rooted, and the root part was pretty easy and straightforward. In user part on the other hand are places, where overthinkers can waste a lot of time. As I did. Still enjoyed it a lot!