Celestial hint

there’s actually no need for privesc to get the root hash on this one if you do a bit of forensic work… still worth learning how to exploit it though imo

rooted …happy i got root reverse shell also

This box is a nightmare. Been trying to exploit the vuln but everytime I launch anything, the box fails and I get an Unable to connect to 10.10.10.85 :confused:

Is anyone in the same situation?

This was such a great box. Learned some things, so thanks to @3ndG4me for the challenge. Took a few tries, but eventually with some helpful hints in here I got root.

Shout out to the vid that helped me get a shell. Grazie, Andrea.

Got root and user !! Easy box !! PM for help!!

hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?

@Txos1 said:
hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?
try echo “commands” > filename.py

Rooted! LOL

@sazouki said:

@Txos1 said:
hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?
try echo “commands” > filename.py

when i try echo it give me syntax error

got it …
thanks to all of you

Rooted it.

Feel free to pm me, if you need a hint.

@Txos1
use nano or see any one of ippsec videos to get a python pty shell and then editing will work fine.

@Txos1 said:
hi
i got user
and i know the file to edit to get root but vi dosen’t work
any idea ?

wget the same file from(with desired changes) your local machine’s apache server :slight_smile: (editing locally will work fine) and you’ll be just downloading it from the local machine to the celestial box

If you have a good enum, you can easily solve this box. PM me if you want me to verify your finding.

I got root, but it was honestly a bit of guesswork. If anyone could PM and explain exactly how everything worked, I would really appreciate it!

module.js:549
throw err;
^

Error: Cannot find module ‘node-serialize’
at Function.Module._resolveFilename (module.js:547:15)
at Function.Module._load (module.js:474:25)
at Module.require (module.js:596:17)
at require (internal/module.js:11:18)
at Object. (/home/s3ns3/Htb/Boxes/Celestial/log.js:4:17)
at Module._compile (module.js:652:30)
at Object.Module._extensions…js (module.js:663:10)
at Module.load (module.js:565:32)
at tryModuleLoad (module.js:505:12)
at Function.Module._load (module.js:497:3)

can anyone pm me and help me with this? i tried to reinstall npm also didnt work

on the user own step, be sure to configure correctly the listener.

There are multiple ways to get # on this one guys. If one doesn’t work - try to find another way… I have found at least two ways of doing it… BTW, the solution to this one is really easy… it’s right in front of you…

So this is my first box and I’m really stuck… I’ve followed the article people have referenced here and know that it’s meant just as a starting point, but I’m not sure where to go from there. Can I PM someone to point me in the right direction?

Edit:

I have some questions about modifying a file in order to print the root.txt.

Which editor should I use? Vi? How to i write/exit it, since the exit keys aren’t working as in normal terminals… Can someone pm me?