Celestial hint

@wilsonnkwan said:
not sure if this is a spoiler, I did get the output for root.txt but not with root access, anyone else managed to fully escalate yourself? DM me.

Technically, you had root access. You just didn’t bother to get a shell.

@wilsonnkwan said:
Big Hint - the Invalid user type is not important. But I also need help, how to get r00t?

I can’t get the reverse shell though. I’ve read that some users could, even with the error message invalid user type.

Now I get the normal response, but the reverse shell isn’t working.

I also have reverse shell read own user but i need help about own system ? please any help ? :slight_smile:

Can I PM someone about the payload? Really have trouble here, it looks like I’m missing something. It should work since I followed the article.

Can someone PM me a hint for root access? I’ve gotten in with user and ran enumeration scripts but im still stuck as to where to go from here

can someone please pm me a hint for the priv-esc i know that everything you need is in the box

Can someone PM me a hint for root access? I found the script but I’m still still stuck to how to use it .

@Lu1e said:
Can I PM someone about the payload? Really have trouble here, it looks like I’m missing something. It should work since I followed the article.

Same here, having issues with payload :angry:

can somone pm me on getting a shell atleast? i have NO IDEA what to do. cant find any useful informasjon. please help me

Fun little box, easy root once I stopped over thinking lol, if anyone needs a push in the right direction, feel free to pm :slight_smile:

@penumbra said:
Ignore, got it.

If you need a hint check out /var/log/syslog

This was the most helpful thing.

Feel free to PM for nudges

@MRKR said:

@Mnmnmnnm said:
Can I PM someone about the payload? Really have trouble here, it looks like I’m missing something. It should work since I followed the article.

Same here, having issues with payload :angry:

PM me if you need help with the payload.

@Pancakes said:
can somone pm me on getting a shell atleast? i have NO IDEA what to do. cant find any useful informasjon. please help me

You may have luck with reading up on the un-(incorrect spelling of breakfast food commonly put in a bowl with milk) bug.

ok. nice description

Rooted. I made it way harder than it really is.

Edit: Got root. My biggest hint is avoid using port 1337 since that’s what openvpn is using to connect… kept knocking myself offline like an idiot. PM me if you need help with this one!

This web app server running in this box is single threaded, so if one user exploits it and gets shell, it’s one threaded processing loop hangs on this particular request - thats why this machine is super unstable and “resetable”

@sh4nk said:
once you have enumerated enough

patience is the key with this one with priv esc !!

This got me thinking in the right direction and after that rooting the machine was easy.

why the port is filtered ,i cant reach the machine

[.] starting
[.] checking distro and kernel versions
[~] done, versions looks good
[.] checking SMEP and SMAP
[-] SMAP detected, no bypass available

working with priv esc :frowning:

UPDATE : Solved now … with full root reverse shell :slight_smile: