Postman

HTB Content Machines
81

Type your comment> @MrW0l05zyn said:

Type your comment> @q1Z said:

Type your comment> @Icyb3r said:

Type your comment> @verdienansein said:

Found a i*_r**.bak. Is right for User?

yup you are on the right path. :slight_smile:

rockyou is enough to solve this part?

It works.

you are rightā€¦ just an old john versionā€¦

82

Rooted

83

Rooted! It is nice for me to always know and learn from a new service. Also reinforce once again the importance of hardening the configuration of these at the time of installation.

Private message if you need help with ā€œPostmanā€.

84

Got User. Now going for root!

85

rooted in 5 mins after user, too easy

86

Rooted. Root part was way too easy.
Btw, why was it named Postman?

87

rooted :slight_smile: thx for the hints @MrW0l05zyn & @trollzorftw

88

Rooted :).

Not a very interesting box tbh. PM me if needed !

89

Rooted. The initial step wasnā€™t difficult but a bit confusing if youā€™re not too familiar with R*d**. The privilege escalation part was a bit too easy for my liking. Iā€™m sure it might hold some value for beginners. If you need help PM me.

90

Not the best box here, but whatever. I guess the first step could be messy on publicā€¦
I got root before user, not really sure if I missed something obvious.

91

Got root, thereā€™s plenty of hints on here already
Struggled with the last stage for some reason, had everything right but an unknown issue was stopping a connection.
Pm me if you need help

92

This one was interesting, you can definitely go down a rabbit hole super easily if you assume all public tools will hold the key. This one was one-offed quite a bit and is only easy if youā€™re super creative.

93

rooted

PM for nuggets

94

@rholas Just sent you a PM.

95

Stuck in M*** user, any nudge for the root? Exploit in msf is not working

96

Iā€™m not familiar with r**** so I think Iā€™m down the rabbit hole. The obvious exploits donā€™t work (assuming on purpose), will I need to ā€˜guess the usernameā€™ somehow, or can I find that via enumeration?

97

Type your comment> @idomino said:

Iā€™m not familiar with r**** so I think Iā€™m down the rabbit hole. The obvious exploits donā€™t work (assuming on purpose), will I need to ā€˜guess the usernameā€™ somehow, or can I find that via enumeration?

No guessing is needed for this box

98

@blackwingz44 said:
Stuck in M*** user, any nudge for the root? Exploit in msf is not working

Just exploit something that before getting a user you couldnā€™t. It Is a common vulnerability.

99

GitHub > msf
slave is not the way

if it is slaved and you cant write, try
slaveof no one

100

Rooted, if you think or have a question why not work.
Try to reset machine first.

@_@