Jarvis

145791023

Comments

  • edited June 2019

    I have no idea what I am doing wrong at the privilege escalation. I always get a "Failed to link/enable unit" error....

    Edit: thanks to @l0lxD I was finally able to get root. Do not blindly follow the tutorial. You won't need every step.

    cortex42

  • @palaziv what tutorial?

  • @igaralf you will find it once you know which thing to exploit

    cortex42

  • really interesting answer....

  • There are enough hints in this thread. Sorry, but I can not mention the page without spoiling everything.

    cortex42

  • I got shell was w**-***a user and i have found s______.py but i can't bypass those forbidden characters! I really have no clue of what other characters i can use to accomplish what i need to :-/
    Can anyone point in the right direction?

  • Type your comment> @snox said:

    I got shell was w**-***a user and i have found s______.py but i can't bypass those forbidden characters! I really have no clue of what other characters i can use to accomplish what i need to :-/
    Can anyone point in the right direction?

    There are both a bunch of less obvious hints as well as a couple links to the answer to this question in this thread if you just read back through it. ;)

  • I> @deviate said:

    Type your comment> @snox said:

    I got shell was w**-***a user and i have found s______.py but i can't bypass those forbidden characters! I really have no clue of what other characters i can use to accomplish what i need to :-/
    Can anyone point in the right direction?

    There are both a bunch of less obvious hints as well as a couple links to the answer to this question in this thread if you just read back through it. ;)

    I did, but i couldn't make sense of it... until now! :-P
    I had no idea that method existed! Thanks @TigaxMT for pointing me in the right direction.

  • can someone help me i am stuck in the rooms

  • Type your comment> @marki2121 said:

    can someone help me i am stuck in the rooms

    Several classes of vulnerabilities are related to code accepting user input and not properly validating or sanitizing that input. How can you provide input to scripts on this site? If you play with those inputs, can you cause errors or unexpected behaviors? If so, what might that mean?

  • I am root!!
    Feel free to pm me,if you need any help.

  • ROOTED! Thanks @d3ck4rd and @picaro for the hints.

    If you need help ping me

    TigaxMT

  • Rooted. Thanks @lonewolf and @picaro for the hints.

    There are many hints in this topic, especially for the user ... so I am going to nudge especially for root: The way to get root is to use a similar type of vuln as the one you used to get the user (p****r). Your enum scripts and a two-minute google search will give you what you will need for r00t.

    P.S For the love of God, don't reset the machine because "You have been banned for 90 secs".

    Revolution

  • can someone pm me for user

  • edited June 2019

    I am stuck on the initial foothold:

    I found:
    Cookie Without H*** O*** Flag
    p**M*A**** CSRF
    Tw * g Server Side Template Injection

    but still stuck. any tips?

  • For anyone struggling with user and the s********y, i say, go back to your initial thinking about the reason you believe you can take advantage of it and make sure u understand what exactly means the clue that you found/read at the enumeration stage.

  • Ayy!! finally got root thanks to @MrBeardFace and @palaziv. Pretty cool box... path to root was interesting as hell

  • Type your comment> @vmonem said:

    I am stuck on the initial foothold:

    I found:
    Cookie Without H*** O*** Flag
    p**M*A**** CSRF
    Tw * g Server Side Template Injection

    but still stuck. any tips?

    Hey!! Maybe you are looking at this too deep.. Try and zoom out.. look at some other very blatant parts of the page... Maybe explore the Sta** Hote*... Walk down the halls.. search each room.

  • Stuck as w**-***a. Need to escalate to user. Can anyone help ?

  • I'm stuck at s*****r.py, trying to execute commands but I'm not finding any solution. Can someone PM me?

  • Rooted.

    Root had me confused a bit. User was pretty straight forward.

  • edited June 2019

    B A N N E D
    really, wtf, two hours elapsed, and i'm still banned

  • My reverse shell doesn't work :(

  • Type your comment> @Dutch said:

    My reverse shell doesn't work :(

    Nevermind, I got fully interactive shell as w**-d***, but no access to flag

  • Type your comment

  • edited June 2019

    Hi all,

    I need a hint for starting; is r____.php?__= the right path?

  • any hints for running s********y as p****r using the command s**o. I just get permission denied.

  • Type your comment> @p1azm0id said:

    B A N N E D
    really, wtf, two hours elapsed, and i'm still banned

    The ban lasts 90 seconds. If you’re getting a ban message on the high port, you can read more about that in my past replies.

  • edited June 2019

    Spoiler Removed

  • Type your comment> @FlompyDoo said:

    any hints for running s********y as p****r using the command s**o. I just get permission denied.

    Any hint? I'm stuck at the same point

Sign In to comment.