Celestial hint


Comments

  • Big Hint - the Invalid user type is not important. But I also need help, how to get r00t?

    wilsonnkwanl

  • not sure if this is a spoiler, I did get the output for root.txt but not with root access, anyone else managed to fully escalate yourself? DM me.

    wilsonnkwanl

  • @wilsonnkwan said:
    not sure if this is a spoiler, I did get the output for root.txt but not with root access, anyone else managed to fully escalate yourself? DM me.

    Technically, you had root access. You just didn't bother to get a shell.

  • @wilsonnkwan said:
    Big Hint - the Invalid user type is not important. But I also need help, how to get r00t?

    I can't get the reverse shell though. I've read that some users could, even with the error message invalid user type.

    Now I get the normal response, but the reverse shell isn't working.

  • I also have reverse shell read own user but I need help about own system? Please, any help? :)

  • edited July 2018

    Can I PM someone about the payload? Really have trouble here, it looks like I'm missing something. It should work since I followed the article.

  • Can someone PM me a hint for root access? I've gotten in with user and ran enumeration scripts but I'm still stuck as to where to go from here.

    gwizwold

  • Can someone please PM me a hint for the priv-esc? I know that everything you need is in the box.

  • Can someone PM me a hint for root access? I found the script but I'm still stuck on how to use it.

  • @Lu1e said:
    Can I PM someone about the payload? Really have trouble here, it looks like I'm missing something. It should work since I followed the article.

    Same here, having issues with payload :angry:

  • Can someone PM me on getting a shell at least? I have NO IDEA what to do. Can't find any useful information. Please help me.

  • Fun little box, easy root once I stopped overthinking lol, if anyone needs a push in the right direction, feel free to PM :)

  • @penumbra said:
    Ignore, got it.

    If you need a hint check out /var/log/syslog

    This was the most helpful thing.

    Feel free to PM for nudges

    Arrexel

  • @MRKR said:

    @Lu1e said:
    Can I PM someone about the payload? Really have trouble here, it looks like I'm missing something. It should work since I followed the article.

    Same here, having issues with payload :angry:

    PM me if you need help with the payload.

  • @Pancakes said:
    Can someone PM me on getting a shell at least? I have NO IDEA what to do. Can't find any useful information. Please help me.

    You may have luck with reading up on the un-(incorrect spelling of breakfast food commonly put in a bowl with milk) bug.

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • ok. nice description

  • Rooted. I made it way harder than it really is.

    Hack The Box
    Follow me on Twitter: @C_3PJoe

  • edited July 2018

    Edit: Got root. My biggest hint is avoid using port 1337 since that's what openvpn is using to connect... kept knocking myself offline like an idiot. PM me if you need help with this one!

    Hack The Box

  • This web app server running in this box is single-threaded, so if one user exploits it and gets a shell, its one threaded processing loop hangs on this particular request - that's why this machine is super unstable and "resetable"

  • @sh4nk said:
    once you have enumerated enough

    patience is the key with this one with priv esc !!

    This got me thinking in the right direction and after that rooting the machine was easy.

  • Why is the port filtered? I can't reach the machine.

  • edited July 2018

    [.] starting
    [.] checking distro and kernel versions
    [~] done, versions looks good
    [.] checking SMEP and SMAP
    [-] SMAP detected, no bypass available

    working with priv esc :-(

    UPDATE : Solved now ... with full root reverse shell :-)

  • edited July 2018

    Rooted - interested to know what other methods exist though.

  • Stuck trying to get root? Tried running the repeater and get the following: undefined + undefined is NaN ?? Could use some help.

  • Okay, gonna put a great hint here and try not to give a spoiler on the root.txt.

    Once you are in, you need to modify a file which allows you to run commands as root. When I did it that time, I used it for transport rather than escalation. For those who have been asking whether to have a full escalation, technically it is possible. Think venom... and reverse....

    I didn't go that step because I just wanted to capture the root flag, so I cut short the process.

    wilsonnkwanl

  • Any hints about the priv esc?

  • @Klamby said:
    Rooted - interested to know what other methods exist though.

    If you have the root flag, check this (password protected)
    https://github.com/Hackplayers/hackthebox-writeups/tree/master/machines/Celestial

  • @c4u53 said:
    Any hints about the priv esc?

    Check the content in the log folder to detect an interesting way

  • I keep getting "invalid username type" error. Having trouble adding the username to the code. Can someone please help me with this?

  • @OTG said:
    I keep getting "invalid username type" error. Having trouble adding the username to the code. Can someone please help me with this?

    ignore it.. and continue..
