Jarvis


Comments

  • this hurts me... can someone give me a nudge pls. btw am at the beginning after decoding

  • finally got user thanks for the tips to @sirusthevirus and @KevinMoore

    OSCP
    el3ctr0

  • Rooted! Fun box, and learned a ton, especially during root.

    Thanks to all who helped.

  • I found s*****r.py and got stuck. Please give me a hint to solve the user(PM).

  • Rooted. Took longer than expected with work days lasting so long recently. Only worked on the box ~20-30 minutes at a time. Still, smooth and simple and I'm thankful for a break from some of these head banging machines.

    Props to @manulqwerty and @Ghostpp7 for rolling out a box that can teach a lot for people just getting into this stuff, while also keeping it concise enough that you don't tread too far away from the final objective. Kudos.

    There are some really great hints already here in the forum too. If you find yourself really struggling after too much "try harder-[ing]", then feel free to reach out if you need help, as well.


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • learned from this box, google is your friend b**h command substitution

  • Rooted. Fun and simple.

    Hints:

    • Check out OWASP top ten
    • How many ways can you think of for redirecting the output of one command to another?
    • Last step is pretty straight forward, but you'll need some Googling

    Feel free to PM if you're stuck

  • I'm such a newbie in solving machines. Can you tell me any retired machines that are lowkey similar to Jarvis, so I can watch Ippsec videos and learn from them

    Ukrainian.. whatever
  • edited June 2019

    back to the learning bench

    Ukrainian.. whatever
  • I've waited 10 mins and even rebooted but the web page still says:
    "Hey you have been banned for 90 seconds, don't be bad"

    wiseguy

  • @WiseGuy said:

    I've waited 10 mins and even rebooted but the web page still says:
    "Hey you have been banned for 90 seconds, don't be bad"

    You're hitting the machine with too many requests. Check @deviate's advice. Try to go manual.

    happy to say im a newb

  • what's so cool about s*********y. if you run commands you're still w******a so why is that useful.

  • @FlompyDoo said:

    what's so cool about s*********y. if you run commands you're still w******a so why is that useful.

    On *nix systems, there are a couple different ways where when you run a program it actually executes as another user. Programs with those permissions by their very nature are often among the most interesting targets when attempting to privesc.

  • Stuck in user. Do I need to focus on s******.py?

  • Rooted! Nice and fun box! Anyone who needs a hint feel free to PM ;)

    Hack The Box

  • @picaro said:

    Stuck in user. Do I need to focus on s******.py?

    Yup, check the code and then look for a way to bypass it.

  • edited June 2019

    Rooted!

    Good box. Lots of steps for an "easy" box but very straightforward.

    Foothold: aim well when taking a dump
    User: There's probably a few ways to do this. But my hint is remember to play with POSIX only. The command doesn't use bash
    Root: enumerate for a weird misconfiguration

  • Hi!

    I'm completely stuck on privesc, I think I've found the point with s*******l but not sure about how I can use it... if someone could help me with a link to some resources that could help me to privesc...

    Thanks!

  • @NightFury said:

    Hi!

    I'm completely stuck on privesc, I think I've found the point with s*******l but not sure about how I can use it... if someone could help me with a link to some resources that could help me to privesc...

    Thanks!

    Sent you a message.

    Red Team

  • Why on earth would someone change the codes in s******.*y - seriously why????????

  • I submitted a reset for the box but obviously it won't reset now that I've figured out how to get to user LOL - seriously if changing those codes was just to troll those who haven't got user yet, not cool man >:(

  • Rooted!
    hint for user, what cod you do?
    hint for root, can you ping out?
    PM for help

  • Damn I lost 2 days looking at the root privesc, nothing worked. One word of advice, always use absolute paths when working with service files.

  • @BlackNote said:

    Why on earth would someone change the codes in s******.*y - seriously why????????

    fixed with a reset ;)

  • edited June 2019

    Rooted! Jarvis was a pretty fun and straight forward box (now that I'm looking back) like most people said!

    User:
    There's some kinky stuff in this special room.
    So you're now trying to get user and you're stuck, take a step back and look at the big picture for your classic enumeration skills. (This goes for both parts, the simplest of commands should get you there).

    Root:
    Use your classic enumeration scripts.
    If a user can have control over root, bad things can happen.
    You can find an article that will be helpful. Take the instructions on there loosely, understand every aspect stated on there.

  • Got user
    Thanks @env
    Feel free to PM for user
  • hint for user please

  • I could use a nudge on root if anyone is available. I'm fairly green on privesc techniques, I have some ideas, but I'm not sure if I'm anywhere near the right path or how to execute on those ideas.

  • I'm stuck on initial foothold. I'm thinking I'm looking in the right place but I can't figure out what to do. Can anyone pm me please?

  • Great box - thanks for the easter egg at the end.
