This is my first machine and I’m stuck getting the initial foothold. I guess I’m on the right path but can’t get through it after a number of attempts. I’m still getting Permission Denied error and hence unable to go further.
This is my first machine and I’m stuck getting the initial foothold. I guess I’m on the right path but can’t get through it after a number of attempts. I’m still getting Permission Denied error and hence unable to go further.
May someone, please give me a push? Thanks!
Got the User as well as the Root.
Special Shoutout to @eviltor13 and @luckyUser for showing the right direction.
After a good amount of learning, I managed to root it
small tip for some of the later steps, take notice that the server is running in SSL mode; adjust your tools or techniques accordingly. Lesson learned, overlooking something seemingly small will cost you some time.
Stuck on the M********t wn re using M creds.
I have flipped the flag needed, but am receiving the following message:
“Exploit completed, but no session was created.”
I have a feeling I overlooked something, or did not flip everything I needed to. Any pointers would be much appreciated!
Hello guys,
I’ve already rooted postman. However I’ve only exploit W*****n and I got a reverse shell with root priv with that exploit.
I wonder know what are the other methods.
Thank you!
Initial Foothold: Download the service in question and see where it’s typical home directory is. Then update the exploit script accordingly.
User: Search around for a useful file. What…it’s not working? Check the config to see why. Then remember that users are lazy and can’t be bothered to remember multiple passwords
Root: Take a look at that service that you thought would be useful when you first scanned, but didn’t have the right equipment to exploit it at the time. Maybe you have the right equipment now that you’ve gotten user…
i got user flag friends…but 10.10.10.160:10000 not loading
shows error message “ssl enabled visit https://postman:10000/ instead”
but the page is also not responding
so that I cant login using creds!!!
anyone have any idea…
please help me…thanks
i got user flag friends…but 10.10.10.160:10000 not loading
shows error message “ssl enabled visit https://postman:10000/ instead”
but the page is also not responding
so that I cant login using creds!!!
anyone have any idea…
please help me…thanks
@Fratouth said:
hi everyone,
This is my third box but I try all exploit for the 3 ports ( 22,80,10000) but nothing.
do I have to use brute force ? I don’t think…
Just rooted… Had to follow some steps that i would not think by myself for redis-cli because i couldn’t use the exploit properly (i believe i missed something)… If anyone used the exploit get the first acess can you pm me your walkthrough? Thanks
Just rooted… Had to follow some steps that i would not think by myself for redis-cli because i couldn’t use the exploit properly (i believe i missed something)… If anyone used the exploit get the first acess can you pm me your walkthrough? Thanks
So I was exactly the same. I was following the Cookbook, the Medium blog post, Packetstorm, etc. Then I gave up, went to eat and try another box and shut everything down. I then followed the path that I was using before, but instead just asked for the directory, set it, saved, quit then used s** to get in.
I honestly believe there was something wrong with the box for the past few hours as I was doing the same technique for hours upon end with no joy
Edit* I was stuck on the automated exploit - just make sure you are paying attention to case…uhhhh