Saturday, March 14, 2020
Postman – HackTheBox Machine Walkthrough
The Postman machine from HTB is placed in the easy machines category, but the method is still difficult if you are not using Metasploit directly.
In the Nmap scan I found that ports 22, 80, 6379/TCP (Redis) and 10000/TCP are open. You need to scan all ports, otherwise port 6379 will not be displayed.
Redis Enumeration & Exploit
After the Nmap scan was done, ports 6379 and 10000 looked interesting, and after some work I found that the Webmin login page is on port 10000. Port 6379 is named redis, so I searched Google for Redis and found one interesting link:
Redis Enumeration:- https://book.hacktricks.xyz/pentesting/6379-pentesting-redis
Using these commands you can make a script or use them directly.
After using that script I could access the Redis shell. In the home directory we can see that the user name is Matt.
After using the LinEnum script and searching some directories, I got an SSH RSA key in the /opt directory.
We need to crack this key, so we can use the ssh2john.py tool and then crack the key using the john tool with rockyou.txt.
# python3 /usr/share/john/ssh2john.py key.txt > loll
# john --wordlist=<rockyou location> loll
The password is computer2008 & the user is Matt.
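From the defender's side, the finding above is a private key left in /opt where another account could read it, protected only by a passphrase that appears in a common wordlist. The following is an added example, not part of the original post, that audits a directory tree for private keys and reports their encryption state and file mode; the function names, the 64 KiB size limit and the constructed sample are assumptions.

```python
import base64, os, stat, struct, sys

MAGIC = b"openssh-key-v1\0"
# Constructed sample: PEM headers only, no real key material.
SAMPLE = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
          b"DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
          b"AAAA\n-----END RSA PRIVATE KEY-----\n")

def key_state(data):
    """Return 'encrypted', 'plaintext' or 'unknown'; None if not a PEM private key."""
    lines = data.strip().splitlines()
    head = lines[0].strip() if lines else b""
    if not (head.startswith(b"-----BEGIN ") and head.endswith(b"PRIVATE KEY-----")):
        return None
    if b"ENCRYPTED" in head or b"Proc-Type: 4,ENCRYPTED" in data:
        return "encrypted"  # PKCS#8 header or legacy PEM encryption header
    if b"OPENSSH" not in head:
        return "plaintext"  # legacy or PKCS#8 PEM with no encryption header
    try:  # OpenSSH format: magic, then a length-prefixed cipher name
        blob = base64.b64decode(b"".join(lines[1:-1]))
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
    except (ValueError, struct.error):
        return "unknown"
    if not blob.startswith(MAGIC):
        return "unknown"
    cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    return "plaintext" if cipher == b"none" else "encrypted"

def audit_keys(root):
    """Walk root; return (path, state, mode, exposed) for each private key found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or st.st_size > 65536:
                    continue
                with open(path, "rb") as fh:
                    state = key_state(fh.read())
            except OSError:
                continue  # not readable by the auditing account
            if state:
                mode = st.st_mode & 0o777  # exposed = group- or world-readable
                findings.append((path, state, oct(mode), bool(mode & 0o044)))
    return findings

if __name__ == "__main__":
    for finding in audit_keys(sys.argv[1] if len(sys.argv) > 1 else "/opt"):
        print(finding)
```

Any finding with exposed set to True is a key other local accounts can copy, and an "encrypted" state only means the passphrase has to be guessed offline.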
Webmin Exploit Using Metasploit
There are many exploits for Webmin. After using the packageup remote exploit, I got root access.