Celestial hint

I keep getting the invalid username type. Can anyone give me a hint or pm me?

Hi guys, fifth day on this machine, I have the user flag and now I’m focusing on the priv esc … I thought I was on the right track but obviously it does not work and I have no other ideas, could someone help me?

Celestial rooted, learned a lot a lot from this box, getting initial hold was difficult compared to root lol, root is really easy if we are alert enough to see what the box is showing us. Any hints needed anyone can DM me or can hit me up on discord at [Ruthvik#7626] Good luck Everyone !!

Was able to get user/root on this machine. If anyone needs a nudge feel free to message

Someone Leaked The root flag at home directory :expressionless: extremely sad. got rooot at just user access.

Why is this box so unstable? I got shell easily and cant do much else because by the time I run 2 or 3 commands the box is hosed and shell dies

Sooo… got user, I see the timestamp change, and I can see the script that writes to that file. But when I change that script to my liking (i.e., open a reverse shell), nothing happens, and the script reverts to its original, including the timestamp. Which means it must be copied from somewhere, right? Well I haven’t been able to find it. I feel this is the last step on my way to root. Hints are welcome.

nevermind… I was on the right track all along, just a stupid syntax error. This was a fun machine.

any help to install npm and cookie parser because i tried and always get this error when lunching the server.js

Error: Cannot find module ‘cookie-parser’
at Function.Module._resolveFilename (module.js:536:15)
at Function.Module._load (module.js:466:25)
at Module.require (module.js:579:17)
at require (internal/module.js:11:18

@sazouki said:
any help to install npm and cookie parser because i tried and always get this error when lunching the server.js

Error: Cannot find module ‘cookie-parser’
at Function.Module._resolveFilename (module.js:536:15)
at Function.Module._load (module.js:466:25)
at Module.require (module.js:579:17)
at require (internal/module.js:11:18

I get the same thing. Can any one PM me?

You don’t need cookie-parser

@melka said:
You don’t need cookie-parser

correct no need for that i got the user shell

any help for priv esc ? i found script running and an output text but im stuck with it
pls pm for hint

there’s actually no need for privesc to get the root hash on this one if you do a bit of forensic work… still worth learning how to exploit it though imo

rooted …happy i got root reverse shell also

This box is a nightmare. Been trying to exploit the vuln but everytime I launch anything, the box fails and I get an Unable to connect to 10.10.10.85 :confused:

Is anyone in the same situation?

This was such a great box. Learned some things, so thanks to @3ndG4me for the challenge. Took a few tries, but eventually with some helpful hints in here I got root.

Shout out to the vid that helped me get a shell. Grazie, Andrea.

Got root and user !! Easy box !! PM for help!!

hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?

@Txos1 said:
hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?
try echo “commands” > filename.py