Jarvis

11718202223

Comments

  • Any pointers on getting privesc to p****r? Plz PM me..

  • Yes finally got root ^^ . Getting the user actually took me a lot longer for some reason xD nice box but,learned a lot.

  • someone reset it for me! lolz apparently i've reset the box too much today

  • edited October 2019

    Just rooted. Fun box!

    Tips - which are already here somewhere:

    Foothold: Check all the rooms thoroughly.
    User: it's not always what you're running, its where you're running it from.
    Root: Enumerate thoroughly for the user and make sure you have a proper shell.

    Also, thanks to @FailWhale for the nudge when I needed it!

  • Escalating to P****r was a bit squirrelly, but I always enjoy leveraging that type of vulnerability when I come across it. I don't think I got user in the most efficient way, so I'm open to anyone messaging me to compare notes. Root was ez-pz and unique.

    Hints:
    User: Infoblox NetMRI 7.1.4 Shell Escape
    Root: https://gtfobins.github.io, this github site is truly special. I'm surprised there isn't one for common binaries found on Windows machines

  • edited October 2019

    Finally rooted this beast..i give @Phillarby all the glory, thanks bro, i was ready to give up on this one..and @letMel00kDeepr for user..thanks dude :)

    I cant say more than whats allready been said, but i will say to those struggling with root..KISS dont overthink it like i did or its rabbit holllymolly..

  • I am horrendously stuck at user. Have shell at w**-d***, but have no idea how to use s******.py. Any help would be greatly appreciated!

  • edited October 2019

    Removed

    Hack The Box

  • nvm got a shell as w**-d***. Now working for user. Any pointer would be great!

    Hack The Box

  • Got into admin panel, but can't figure out how to get a shell from here. Been stuck for ages so a helping hand would be much appreciated

    • OSCP -
  • nvm. Go it now :)

    • OSCP -
  • edited October 2019

    NVM.

  • Type your comment> @qmi said:

    Type your comment> @jayjay25 said:

    Any help on user? I've looked up infoblox rmi and can execute commands through the script but they run as w-d instead of p****** as i'm executing the script ..I'm missing something simple here?

    Try privesc to user p****r with the most used method on Linux. It'll run any command for you as that user.

    Could you please elaborate on this? The "most used method" I can think of will not work without having user passwords...

  • edited October 2019

    Hey there. This might seem lame but I managed to get the user flag by executing some commands. However I horribly fail to spawn a shell as that certain user. Is it possible to do so? Is it required in order to escalate to root?

  • I receive a ban each time I try to use some common tool to enumerate and obtain an os-shell, why??

  • i got stuck on w-d.
    i already found simpler.py but i didnt figure out how to get pepper shell please DM for help tks

  • @voidhofer said:

    Try privesc to user p****r with the most used method on Linux. It'll run any command for you as that user.

    Could you please elaborate on this? The "most used method" I can think of will not work without having user passwords...

    sudo . Always try the most obvious first

    Regards,
    qmi

  • Type your comment

  • "Hey you have been banned for 90 seconds, don't be bad " for hours now... anyone know why Im getting banned forever it seems like. haven't been able to do anything to the machine for hours.

  • Type your comment> @qmi said:

    @voidhofer said:

    Try privesc to user p****r with the most used method on Linux. It'll run any command for you as that user.

    Could you please elaborate on this? The "most used method" I can think of will not work without having user passwords...

    sudo . Always try the most obvious first

    Yep. That was my first attempt but it does not work without a password. Tried with multiple shells, also tried with different versions of python, still no luck.

  • Type your comment> @iQimpz said:

    "Hey you have been banned for 90 seconds, don't be bad " for hours now... anyone know why Im getting banned forever it seems like. haven't been able to do anything to the machine for hours.

    Try stopping your automated tests and clear browser cache. In my case F5 (or Ctrl/Cmd+Shift+R) was enough to solve the problem.

  • Finally managed to get root. Great machine, managed to learn a lot out of it. However, since I am relatively new to all this , would someone be kind enough to PM me and explain why the last step works that way? No need to post any hints etc since the posts here have pretty much everything covered.

  • i got stuck on w-d.
    i already found simpler.py but i didnt figure out how to get pepper shell please DM for help tks
  • I am horrendously stuck at user. Have shell at w**-d***, but have no idea how to use s******.py. Any help would be greatly appreciated!

  • Rooted!
    Tips -
    Initial Foothold - classic enum > OWASP top 10 > explore the options of your tool.
    USER - search for a script with appropriate permissions > escape forbidden characters (there is one technique that isn't forbidden)
    ROOT - enum again > then focus in and correct your syntax

    Any questions feel free to PM me!

  • Finally rooted!
    Tips :-
    User -> Attract the shell by the power of dollar :P
    Root -> gtfo i am not gonna tell you :p
    if you are still stuck at some point feel free to ping me up for hints or solution :)

  • Could I have some help on getting s******.*y? I know that I have to use some special character but I don't know which one

  • Awesome box, got hung up on stupid mistakes for a couple hours. Nothing in this guy is too complicated, just double check your enumeration and make sure to read all the other hints on here. Pretty straightforward path to root.

  • Spoiler Removed

    Regards,
    qmi

  • r00ted!!

    Foothold:
    Enumerate and map an OWASP to 10 veteran

    User:
    Standard enum script will show you have been allocated the power! Now find out how to bypass the restrictions and unleash the beast!

    Root:
    Previous enum should show a powerful misconfiguration GTFO bins will help but steer clear of a well know writable dir as it doesn't play nice

Sign In to comment.