Celestial hint

@melka said:
You don’t need cookie-parser

correct no need for that i got the user shell

any help for priv esc ? i found script running and an output text but im stuck with it
pls pm for hint

there’s actually no need for privesc to get the root hash on this one if you do a bit of forensic work… still worth learning how to exploit it though imo

rooted …happy i got root reverse shell also

This box is a nightmare. Been trying to exploit the vuln but everytime I launch anything, the box fails and I get an Unable to connect to 10.10.10.85 :confused:

Is anyone in the same situation?

This was such a great box. Learned some things, so thanks to @3ndG4me for the challenge. Took a few tries, but eventually with some helpful hints in here I got root.

Shout out to the vid that helped me get a shell. Grazie, Andrea.

Got root and user !! Easy box !! PM for help!!

hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?

@Txos1 said:
hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?
try echo “commands” > filename.py

Rooted! LOL

@sazouki said:

@Txos1 said:
hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?
try echo “commands” > filename.py

when i try echo it give me syntax error

got it …
thanks to all of you

Rooted it.

Feel free to pm me, if you need a hint.

@Txos1
use nano or see any one of ippsec videos to get a python pty shell and then editing will work fine.

@Txos1 said:
hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?

wget the same file from(with desired changes) your local machine’s apache server :slight_smile: (editing locally will work fine) and you’ll be just downloading it from the local machine to the celestial box

If you have a good enum, you can easily solve this box. PM me if you want me to verify your finding.

I got root, but it was honestly a bit of guesswork. If anyone could PM and explain exactly how everything worked, I would really appreciate it!

module.js:549
throw err;
^

Error: Cannot find module ‘node-serialize’
at Function.Module._resolveFilename (module.js:547:15)
at Function.Module._load (module.js:474:25)
at Module.require (module.js:596:17)
at require (internal/module.js:11:18)
at Object. (/home/s3ns3/Htb/Boxes/Celestial/log.js:4:17)
at Module._compile (module.js:652:30)
at Object.Module._extensions…js (module.js:663:10)
at Module.load (module.js:565:32)
at tryModuleLoad (module.js:505:12)
at Function.Module._load (module.js:497:3)

can anyone pm me and help me with this? i tried to reinstall npm also didnt work

on the user own step, be sure to configure correctly the listener.

There are multiple ways to get # on this one guys. If one doesn’t work - try to find another way… I have found at least two ways of doing it… BTW, the solution to this one is really easy… it’s right in front of you…