Postman

Type your comment> @MrW0l05zyn said:

Type your comment> @q1Z said:

Type your comment> @Icyb3r said:

Type your comment> @verdienansein said:

Found a i*_r**.bak. Is right for User?

yup you are on the right path. :slight_smile:

rockyou is enough to solve this part?

It works.

you are right… just an old john version…

Rooted

Rooted! It is nice for me to always know and learn from a new service. Also reinforce once again the importance of hardening the configuration of these at the time of installation.

Private message if you need help with ā€œPostmanā€.

Got User. Now going for root!

rooted in 5 mins after user, too easy

Rooted. Root part was way too easy.
Btw, why was it named Postman?

rooted :slight_smile: thx for the hints @MrW0l05zyn & @trollzorftw

Rooted :).

Not a very interesting box tbh. PM me if needed !

Rooted. The initial step wasn’t difficult but a bit confusing if you’re not too familiar with R*d**. The privilege escalation part was a bit too easy for my liking. I’m sure it might hold some value for beginners. If you need help PM me.

Not the best box here, but whatever. I guess the first step could be messy on public…
I got root before user, not really sure if I missed something obvious.

Got root, there’s plenty of hints on here already
Struggled with the last stage for some reason, had everything right but an unknown issue was stopping a connection.
Pm me if you need help

This one was interesting, you can definitely go down a rabbit hole super easily if you assume all public tools will hold the key. This one was one-offed quite a bit and is only easy if you’re super creative.

rooted

PM for nuggets

@rholas Just sent you a PM.

Stuck in M*** user, any nudge for the root? Exploit in msf is not working

I’m not familiar with r**** so I think I’m down the rabbit hole. The obvious exploits don’t work (assuming on purpose), will I need to ā€˜guess the username’ somehow, or can I find that via enumeration?

Type your comment> @idomino said:

I’m not familiar with r**** so I think I’m down the rabbit hole. The obvious exploits don’t work (assuming on purpose), will I need to ā€˜guess the username’ somehow, or can I find that via enumeration?

No guessing is needed for this box

@blackwingz44 said:
Stuck in M*** user, any nudge for the root? Exploit in msf is not working

Just exploit something that before getting a user you couldn’t. It Is a common vulnerability.

GitHub > msf
slave is not the way

if it is slaved and you cant write, try
slaveof no one

Rooted, if you think or have a question why not work.
Try to reset machine first.

@_@