Postman

xuretto · November 3, 2019, 8:40pm

Type your comment> @MrW0l05zyn said:

Type your comment> @q1Z said:

Type your comment> @Icyb3r said:

Type your comment> @verdienansein said:

Found a i*_r**.bak. Is right for User?

yup you are on the right path.

rockyou is enough to solve this part?

It works.

you are right… just an old john version…

rholas · November 3, 2019, 9:01pm

Rooted

MrW0l05zyn · November 3, 2019, 9:02pm

Rooted! It is nice for me to always know and learn from a new service. Also reinforce once again the importance of hardening the configuration of these at the time of installation.

Private message if you need help with “Postman”.

verdienansein · November 3, 2019, 9:22pm

Got User. Now going for root!

q1Z · November 3, 2019, 9:30pm

rooted in 5 mins after user, too easy

verdienansein · November 3, 2019, 10:33pm

Rooted. Root part was way too easy.
Btw, why was it named Postman?

tuzz · November 3, 2019, 11:00pm

rooted thx for the hints @MrW0l05zyn & @trollzorftw

beorn · November 3, 2019, 11:07pm

Rooted :).

Not a very interesting box tbh. PM me if needed !

m3ll0 · November 4, 2019, 12:21am

Rooted. The initial step wasn’t difficult but a bit confusing if you’re not too familiar with R*d**. The privilege escalation part was a bit too easy for my liking. I’m sure it might hold some value for beginners. If you need help PM me.

gall0ws · November 4, 2019, 12:44am

Not the best box here, but whatever. I guess the first step could be messy on public…
I got root before user, not really sure if I missed something obvious.

NullR3ference · November 4, 2019, 2:00am

Got root, there’s plenty of hints on here already
Struggled with the last stage for some reason, had everything right but an unknown issue was stopping a connection.
Pm me if you need help

FNGCrysis · November 4, 2019, 4:01am

This one was interesting, you can definitely go down a rabbit hole super easily if you assume all public tools will hold the key. This one was one-offed quite a bit and is only easy if you’re super creative.

rholas · November 4, 2019, 5:08am

rooted

PM for nuggets

icthus1 · November 4, 2019, 5:45am

@rholas Just sent you a PM.

blackwingz44 · November 4, 2019, 7:40am

Stuck in M*** user, any nudge for the root? Exploit in msf is not working

idomino · November 4, 2019, 8:03am

I’m not familiar with r**** so I think I’m down the rabbit hole. The obvious exploits don’t work (assuming on purpose), will I need to ‘guess the username’ somehow, or can I find that via enumeration?

verdienansein · November 4, 2019, 9:17am

Type your comment> @idomino said:

I’m not familiar with r**** so I think I’m down the rabbit hole. The obvious exploits don’t work (assuming on purpose), will I need to ‘guess the username’ somehow, or can I find that via enumeration?

No guessing is needed for this box

verdienansein · November 4, 2019, 9:18am

@blackwingz44 said:
Stuck in M*** user, any nudge for the root? Exploit in msf is not working

Just exploit something that before getting a user you couldn’t. It Is a common vulnerability.

angar · November 4, 2019, 9:55am

GitHub > msf
slave is not the way

if it is slaved and you cant write, try
slaveof no one

nongtarl · November 4, 2019, 10:18am

Rooted, if you think or have a question why not work.
Try to reset machine first.

@_@