Jarvis

17810121323

Comments

  • edited July 2019

    just rooted this great box :)
    the initial foothold took me a while, rest was very smooth and straight forward.

  • rooted fun and good box , i think i learned something :smiley:
    the first part, you need to get shell by exploit a web vuln and get the creds , login and get the shell
    a lil enumeration would be enough to bypass the filter in s*****.py and get user.txt
    the root not so hard just use google and everything will be fine :wink:

    pm me if you need more help
    Arrexel

    No Hack No Life ✌😒
  • Rooted ! What a fun box !

  • edited July 2019

    Rooted! Some hints:

    • User. (1) Exploit a classic web vulnerability in order to get some creds. (2) After using those creds, the only thing you need is to google. (3) Once you have a low priv shell, use a python script located somewhere to escalate your privileges (this part is a little bit tricky because of the "forbidden chars").

    • Root. Use the tipical enumeration script to see the entry point to priv esc. Once you see it, it is quite straightforward how to exploit it, just google a little.

    Funny box! PM me if you need a nudge

    Dez0

  • edited July 2019

    i need help!!!!
    i am user p****r, and i have my ******.s*****e in /t**.

    i run:

    sy******l lk $P/*******.s******e
    sy******l s***t ********

    and the output:

    Failed to link unit: No such file or directory
    Failed to start *******.s*****e: Unit ********.s******e not found.
    Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s****e files

    rubenix

  • Rooted. A straightforward box!

    Hack The Box

  • Type your comment> @rubenix said:

    i need help!!!!
    i am user p****r, and i have my ******.s*****e in /t**.

    i run:

    sy******l lk $P/*******.s******e
    sy******l s***t ********

    and the output:

    Failed to link unit: No such file or directory
    Failed to start *******.s*****e: Unit ********.s******e not found.
    Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s****e files

    systemctl doesn't get on well with /tmp folder

    Dez0

  • Just got root. Learned a lot on this box, especially the privesc.

  • Can someone help me a bit?
    I got the shell as p*****r via s*****r but no wan't echo any output.
    If i type ls, it just shows ls but not the folders.
    But I still can use cd, i just have no output for the commands.
    Maybe I did something wrong with the privEsc command.
    Little Help would be nice.
    Thanks :)

  • > Can someone help me a bit?
    > I got the shell as p*****r via s*****r but no wan't echo any output.
    > If i type ls, it just shows ls but not the folders.
    > But I still can use cd, i just have no output for the commands.
    > Maybe I did something wrong with the privEsc command.
    > Little Help would be nice.
    > Thanks :)

    Hey @mava, maybe you can spawn a new shell from your p******r shell. Just because you don't see the output doesn't mean the commands aren't executing :wink:

    check your available programs from your enumeration.

    https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/#method2usingsocat
  • Rooted!
    Nice box learned a lot.
    Thanks to @v0yager :)

    Feel free if somebody needs help.

  • edited July 2019

    Rooted. Thanks to @BINtendo and @beorn . Let me know if you need any help.

    Hack The Box

  • Rooted!
    OSCP like machine.

  • Rooted.

    Some hint:
    user: like a web pt, there is a classic web vulnerability that you exploit with a known tool in which you can create an os-shell,after then you must study a python script and with a google search (shell escape) you bypass forbidden character;
    root : with a classic enumeration tool you find the way; use enable with absolute path and you must sure that your service/script have execution permissions.

  • Type your comment

    habtek

  • Type your comment> @v0yager said:

    > Can someone help me a bit?
    > I got the shell as p*****r via s*****r but no wan't echo any output.
    > If i type ls, it just shows ls but not the folders.
    > But I still can use cd, i just have no output for the commands.
    > Maybe I did something wrong with the privEsc command.
    > Little Help would be nice.
    > Thanks :)

    Hey @mava, maybe you can spawn a new shell from your p******r shell. Just because you don't see the output doesn't mean the commands aren't executing :wink:

    check your available programs from your enumeration.

    https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/#method2usingsocat

    You should upgrade your shell, to more interactive shell, i think. I did it with python's pty.

  • @rubenix said:
    i need help!!!!
    i am user p****r, and i have my ******.s*****e in /t**.

    i run:

    sy******l lk $P/*******.s******e
    sy******l s***t ********

    and the output:

    Failed to link unit: No such file or directory
    Failed to start *******.s*****e: Unit ********.s******e not found.
    Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s****e files

    Bthw i got the same issue, not only in /t** dir, but really everywhere. So i think i'm stuck.I will appreciate any help provided)

  • Type your comment> @LetMeO said:

    @rubenix said:
    i need help!!!!
    i am user p****r, and i have my ******.s*****e in /t**.

    i run:

    sy******l lk $P/*******.s******e
    sy******l s***t ********

    and the output:

    Failed to link unit: No such file or directory
    Failed to start *******.s*****e: Unit ********.s******e not found.
    Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s****e files

    Bthw i got the same issue, not only in /t** dir, but really everywhere. So i think i'm stuck.I will appreciate any help provided)

    read more about s*ctl. it is configured weird so if you know the syntax it will allow you to drop something in the restricted folder.

    happy to say im a newb

  • rooted!!!!!
    any hint, pm
    thx for clue

    rubenix

  • Now that I just rooted the box I am very curious about how the foothold has been performed via PMA or the referenced room as I 'mapped' my way in.

    Besides that I enjoyed the box being straight forward ... enum, spot, research, exploit for all stages.

    Thanks!

  • edited July 2019

    Hi everyone. reverseoshell more user **** r obtained.Now go to the SYSTEM administrator.
    Tanks you all for the suggestions

    EDIT: Locked on Po **** k error.any help? pm please

  • Yay. Got Root. Thanks @bing0o for all the DM help, everyone else for the many many clues in this thread, and whichever user left a copy of the file I needed to copy to get root lying around ;)

    Now just to understand what I actually did :)

    emilkloeden

  • AA! Rooted!! :) if anybody need help, just PM me :)

  • I already red all the hints of this threat , but i'm stuck, i can't run s******py with another user p******s , i tried many tricks with sudo and su , but I can't, Someone has a nudge?

  • Root. Good box, rehash on some techniques I haven't needed in a while. Happy to give a nudge if you're stuck.

  • Struggling to get a foothold - examined rooms without much result. Any pointers? :-)

    NotSmartEnuf

  • Whats the difference between 6 and room 1.... are they truly = to each other.

  • If anyone can provide any hints i would appreciate a DM for this box.

  • Got root. Good box, very realistic. Learned for sy......l Thanks for creators and thanks @rubenix for help in my final step.

  • Hey All; Need some help with privesc from pepper to root. Can someone DM please. Been on this back way too long. Thanks!

Sign In to comment.