Jarvis

Comments

  • Rooted!

    Thank you to @pmi for setting my sudo syntax straight :)

    Feel free to PM me if you need a hint.

  • edited October 2019

    Any idea about Failed to link unit: The name org.freedesktop.PolicyKit1 was not provided by any .service files ???

    I tried the full path too but I get Failed to link unit: No such file or directory

    What am I missing?

    EDIT: rooted thanks to @garffff for helping me correct my syntax

    Advice: don't enable the service from the /tmp directory because it gives the errors above; try to enable it from the user directory.

  • Rooted. Learned a lot about services. A TON of googling helped me

  • edited October 2019

    Great box, quite straightforward in hindsight.
    Could someone PM me on the initial foothold? I think I did it "wrong". People keep mentioning the hotel rooms, but I ignored them completely.

    nvm. At least kozak did it like me.

    Blaudoom
    Discord: Blaudoom#1254

  • Wow this was tough.. for a newb like me. I was able to figure out the creds on my own but they were not needed. Then I managed to upgrade my shell alone. But after that I needed hints and help. Thank you to @sl0w and @garffff, couldn't have done it without you, and I did learn a lot of cool stuff as well as added good links to the folder.. Will be studying more on these subjects..

    id
    uid=0(root) gid=0(root) groups=0(root)
    whoami
    root

  • Rooted - root was easier than user imo. I spent too much time on getting from initial access to user, felt like I was going mad at one point. Some good lessons learnt - nice box! DM if anyone wants help.

  • R0oTed !!!!

    Lot of hints on this forum, want root then read forum carefully...!!

    [email protected]:/root# id
    id
    uid=0(root) gid=0(root) groups=0(root)

  • Thank you @d0n601 , that gave me the last push to root.

    "Tip for root: copy your public key into authorized_hosts and just ssh in. I was unable to modify the system administration stuff from my reverse shell. I ssh'd in properly, and the same exact steps worked perfectly."

    I've only done a few boxes but so far this one has been the most fun one.

    Watskip

    < Soli Deo Gloria >

  • So I was able to get the user hash without actually getting a full shell for the user. Is that a valid own? Not sure if I can put how I did that on the board so DM for breakdown. Still new to this

  • edited October 2019

    @qmi said:

    @voidhofer said:

    sudo . Always try the most obvious first

    Yep. That was my first attempt but it does not work without a password. Tried with multiple shells, also tried with different versions of python, still no luck.

    For that command, AFAIR, you don't need to specify a password. It's been some time since I did that box, but for me it did not require a password. I managed to log on via SSH keys. Once you are user, you can try the following:

    sudo -u p****r /var/www/Admin-Utilities/s*****r.py -p

    after the prompt, specify the command you like to have run under the p****r user privs by using a special Bash shell magic ;-) . It's in the Bash docs among how to run external commands as a subshell.

    Hope this is not a spoiler

    I'm using this method exactly, but any commands I run via the technique described at https://packetstormsecurity.com/files/144749/Infoblox-NetMRI-7.1.4-Shell-Escape-Privilege-Escalation.html still end up running as w-d - tried nc, tried a revshell binary, even tried writing whois to a file. Insanely frustrated, not even clear on what to google at this point.

  • edited October 2019

    Rooted. Very fun box. I spent 2-3 days on the initial foothold. I never used s*l**p before, so on one of the pages I got a positive result and to be honest I don't know why the tool didn't work on other pages but worked on that one; maybe someone can explain it to me, because I think I am weak at the web part of the game. After that it was easy and straightforward. Thanks to the creator of the machine.

  • If you keep getting a shell under w-d, don't use the python command...just go straight for the script. I lost a couple of hours because of this since it was running the 'python' command under pepper but not the actual script.

    OSCP

  • Jarvis seems down, anybody facing the same issue?? Or it's my internet

  • What an awesome box this was. Getting user was pretty straightforward if properly enumerated. However, the Root part is a bit tricky.

    Feel free to knock me for Hints/nudges :)

  • Rooted. Box is pretty straightforward. Thanks to @darkkoan for reminding me to read enum results very thoroughly.
    I had one issue though. When I got into **pr, I could not see the output of my terminal commands. Had to create another nc session. Then, in that nc session, after getting an interactive shell, I could not run vi or nano properly. Can anyone help me understand this? Had to write files using cat

  • Could someone walk me through the beginning of the box please? Feel free to shoot me a PM. Thanks :)

  • A tough box! My first Medium Box actually and finally rooted with a lot of help from my new friend @Freak2600... thank you man.

    If you appreciate my help, please give +1🌟

  • @vider said:

    A tough box! My first Medium Box actually and finally rooted with a lot of help from my new friend @Freak2600... thank you man.

    Anytime.

  • scanned the box more than 10 times not getting a meaningful result, is there a special way of scanning???

  • Hey guys, I have been searching the rooms for quite some time and haven't gotten any useful information. What am I looking for? A ZAP scan showed me there is a possible sql injection vulnerability, but nothing has returned anything useful. Any help is appreciated.

  • Hi to all. Got a user. Got a stable shell. I can not get root access. Please help me. I read all the tips but it doesn’t work. PM me please.

  • Can anyone explain to me why when I try to run the script with s*** -u p****r it asks for w**-***a password? I've tried upgrading shells but still get the same thing...

    I start by getting a restricted shell with the s****p tool and I get the os-shell, after that I run netcat stuff to get a shell, and then get a tty with the python command (python -c 'import pty; pty.spawn("/bin/bash")')

    but no matter what, I still get a prompt asking for w**-***a password when trying to run the script with s*** -u p****r.

    Please, if someone knows why this is happening, please PM me, I'm gonna go crazy

  • I am having a lot of trouble with the initial foothold. I have searched all the rooms but found nothing. I read through all the posts in this forum and I am still stuck. I tried sql injection but got nowhere. Can someone PM and give me a hint?

  • Rooted. Very interesting box. If you need some help, feel free to PM me.

  • Hello! I'm working on Jarvis and I'm having trouble getting a shell as p****r from the s******.y script. I wrote a script that makes a netcat connection to my machine and call it like using the $ method when the s******.y asks for input. I get a shell on my machine, but as w-d***. How can I make it run as p****r? I thought running s******.*y with sudo before might work, but it asks for w-d*** password. Any hints will be much appreciated

  • @GlenRunciter said:

    Can anyone explain to me why when I try to run the script with s*** -u p****r it asks for w**-***a password? I've tried upgrading shells but still get the same thing...

    I start by getting a restricted shell with the s****p tool and I get the os-shell, after that I run netcat stuff to get a shell, and then get a tty with the python command (python -c 'import pty; pty.spawn("/bin/bash")')

    but no matter what, I still get a prompt asking for w**-***a password when trying to run the script with s*** -u p****r.

    Please, if someone knows why this is happening, please PM me, I'm gonna go crazy

    U have to specify the script path after s*** -u p****r

  • zdfzdf
    edited October 2019

    [email protected]:/#
    Very interesting box.
    I learned a lot of new methods.

    Thanks to @21y4d for giving me some little guides :)

    FootHold : Pretty easy, Find the "Data Container" sub-directory in the website then think of the tools a script kiddie would use to exploit it to get the data. After that think of the ways you could get yourself a 'black window'

    User : Find the script and think of what would happen if "the user input function returned different data"? Google will help you with this quotation!

    Root : Simple Enumerating, Focus on the "interesting" file/configuration and then create a new job for it .... simply gtfo :p

  • After reading the code of the file (you know what file I mean), I found the "forbidden characters".... now the question is, how the hell do I find the way to use a script without these characters and get the user prompt, so many days at this point...

  • I'm stuck at the s*****r.** part of priv esc, how to escape the -p?

  • Got user yay; working on root

    @Keroseno said:
    After reading the code of the file (you know what file I mean), I found the "forbidden characters".... now the question is, how the hell do I find the way to use a script without these characters and get the user prompt, so many days at this point...

    Some ppl have already linked to a page which includes a way around it

    Read the "proof of concept" section carefully
