Jarvis


Comments

  • how are you guys learning that www-data is a user?

  • had fun on this box, very well done. loved the clues along the way. would pwn again.

  • @dm7500 said:

    I found s______.py, but when I try to run it with the -p option, it gives a syntax error. Is this intended, or am I doing something wrong?

    You're missing something.

  • @Fugl is right, check to see what you can do and try not to over think it.

  • edited June 2019

    Any tips for failed to enable / link unit even though it exists?

    EDIT: Rooted! My PrivEsc advice is make sure you have a full, valid shell and it should work no problem.


  • Nice box .. feel free to PM if you need a hint :)

  • edited June 2019

    Any tips for failed to enable / link unit even though it exists?

    got the same error. Driving me crazy :/

  • @awkward said:

    Any tips for failed to enable / link unit even though it exists?

    got the same error. Driving me crazy :/

    try moving the file somewhere else... where it makes sense... ;)

    "ClickmedotEXE"
    CISSP | OSCP
    arodtube

  • The ban hurts.... ):

  • It was a good box. I learned a lot, mainly about privesc.

    I am grateful for the help from @EternalB1ue and @kfupm.

  • If anyone can help on s**********y bypass, that would be really good. I have been trying a lot of methods but haven't found anything.


  • edited June 2019

    Nice privesc! :) Thought it would be simple but it turned out trickier than I thought, which is a welcome surprise!

    Not a fan of the phase from initial foothold to user though...

    Some tips: (again if mods feel this is too spoilery please feel free to edit)
    Initial foothold: If I gave you a CTF web problem that asks you to search something, what's the first thing you should try?

    User: Google around for some bypasses

    Root: Just blindly following a certain well known website won't give you everything, there's more to it than what's given.

    As always, DM me for more tips!

  • edited June 2019

    rooted!

    funny box with basics from beginning to end

    feel free to PM for hints, but only if you show me what you tried (and try harder)

    BTW, when editing the comment I get Unknown column 'Active in 'field list' in this forum. Is it vulnerable to something?


  • IDK why I got banned for 90 seconds after machine reset -_-

  • edited June 2019

    Thanks to @wisd for the tip.

    Clue for initial foothold:
    [image]

    When you are trying to buy the dip

  • I have a low shell and I'm stuck with www-****. Can someone give me pointers?

    OSCP
    el3ctr0

  • Nice Box !

    User : Nice privesc w*******a to user.

    root : Hard for me, I was in the good way but I lost time... Enumerate ;)

    I learned a lot for the root
    thx for this box

    DM me if you need ;)

  • After digging myself into a hole, I got user and root in quick succession.

    I definitely learned a lot about Linux service management on this one. Kudos to the box creators, it was fun

  • Taught me something new, thanks so much for the box manulqwerty and Ghostpp7 \m/

  • Thanks to @albertojoser for tips that pointed me in the right direction and got me unstuck.

    I didn't get banned despite all my efforts - so still not sure what would trigger that?

    For root - comment by @rub1ks (my thanks) pretty much tells you how.

  • rooted. had to restart it, because I couldn't get a stable shell which - in my case - is a must to root this machine.


  • Rooted, if anyone needs help, DM me :)

    Xess

  • I didn't get banned despite all my efforts - so still not sure what would trigger that?

    I won't post the exact specifics, but from looking at the code it appears that you have to make X number of requests which are flagged within Y seconds. If that happens, you'll get a 90 second ban.

    Basically, a targeted attack is more likely to work than having an automated tool send a bunch of random probes which is likely to trigger the ban.
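
The threshold ban described in the reply above, sketched from the defender's side as an added example (not the box's code and not part of the original post). Only the 90-second ban length comes from the thread; the threshold, the window, the flagging patterns and the sample traffic are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

BAN_SECONDS = 90       # ban length mentioned in the thread
MAX_FLAGGED = 5        # assumed value for "X" flagged requests
WINDOW_SECONDS = 10    # assumed value for "Y" seconds

# Hypothetical flagging rule: signatures a filter might treat as automated probing.
FLAG_PATTERNS = re.compile(r"(\.\./|<script|union\s+select|sqlmap|nikto)", re.I)

def is_flagged(request_line, user_agent):
    return bool(FLAG_PATTERNS.search(request_line) or FLAG_PATTERNS.search(user_agent))

class BanTracker:
    def __init__(self):
        self.flagged = defaultdict(deque)   # client -> timestamps of flagged requests
        self.banned_until = {}              # client -> time at which the ban expires

    def handle(self, client, ts, request_line, user_agent=""):
        """Return 'banned', 'ban' (this request triggered the ban) or 'allow'."""
        if self.banned_until.get(client, 0) > ts:
            return "banned"
        if not is_flagged(request_line, user_agent):
            return "allow"
        hits = self.flagged[client]
        hits.append(ts)
        # Drop flagged hits that have aged out of the sliding window.
        while hits and ts - hits[0] >= WINDOW_SECONDS:
            hits.popleft()
        if len(hits) >= MAX_FLAGGED:
            self.banned_until[client] = ts + BAN_SECONDS
            hits.clear()
            return "ban"
        return "allow"

def replay(events):
    """Feed (client, ts, request_line, user_agent) tuples through a fresh tracker."""
    tracker = BanTracker()
    return [tracker.handle(*event) for event in events]

# Constructed sample traffic (documentation IP ranges, made-up requests).
SAMPLE = (
    [("198.51.100.7", t, "GET /a/../../x", "nikto") for t in range(5)]
    + [("198.51.100.7", 50, "GET /", "nikto"),
       ("198.51.100.7", 94, "GET /", "Mozilla/5.0")]
    + [("203.0.113.9", t, "GET /?q=<script>", "Mozilla/5.0") for t in (0, 20, 40)]
)

if __name__ == "__main__":
    print(replay(SAMPLE))
```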

  • @ad1337 said:
    rooted. had to restart it, because I couldn't get a stable shell which - in my case - is a must to root this machine.

    Depending what point you're at in the process, you can potentially also echo a key into authorized_hosts at which point you can just ssh in.

  • any nudge for initial foothold would be appreciated.

  • Hint for foothold:
    Scope out the entire hotel, don't forget to check every "room" ;)

    rub1ks
    Find me on Discord: rub1ks #4045

  • Wow, Jarvis is fun, but I can't make much progress. The server is getting beaten too badly by people. Crawls, then gets reset, crawls, reset, etc. Guess I can wait until things calm down. Or go VIP again. I'm not going to spoil anything, but here's a tip. If you look up Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation, you might just learn something, about yourself ;) no not really, more about shells.

  • This was a good one... Learnt a lot... Can PM me for help if you want

  • checked each one of them, but still stuck
