Celestial hint

Okey, gonna put a great hint here and try not to give spoiler on the root.txt.

Once you are in, you need to modify a file which allows you to run command as root. When I did it that time, I used to for transport rather than escalation. For some who has been asking whether to have a full escalation, technically it is possible. Think venom… and reverse…

I didn’t go that step because I just wanted to capture the root flag, so I cut short the process.

Any hints about the prev esc ?

@Klamby said:
Rooted - interested to know what other methods exist though.

If you have the root flag, check this (password protected)

@c4u53 said:
Any hints about the prev esc ?

Check the content in the log folder to detect interesting way

I keep getting “invalid username type” error. Having trouble adding the username to the code. Can someone please help me with this?

@OTG said:
I keep getting “invalid username type” error. Having trouble adding the username to the code. Can someone please help me with this?

ignore it… and continue…

@SimVirus said:

@OTG said:
I keep getting “invalid username type” error. Having trouble adding the username to the code. Can someone please help me with this?

ignore it… and continue…

But I am not getting a shell… ¯_(ツ)_/¯

Got the shell thank you SimVirus for help. My listener command was wrong. It is always something stupid with these boxes… :smiley:

HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 41
ETag: W/“29-mT0hiiE62mfFMAIMRMkQ7Q6tVaM”
Date: Tue, 31 Jul 2018 13:24:37 GMT
Connection: close

An error occurred…invalid username type

any one help every time i send the payload i am getting this any advise

@OTG said:

@SimVirus said:

@OTG said:
I keep getting “invalid username type” error. Having trouble adding the username to the code. Can someone please help me with this?

ignore it… and continue…

But I am not getting a shell… ¯_(ツ)_/¯

Try until you receive a “OK 200” (and not Error 500)

@laylow said:
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 41
ETag: W/“29-mT0hiiE62mfFMAIMRMkQ7Q6tVaM”
Date: Tue, 31 Jul 2018 13:24:37 GMT
Connection: close

An error occurred…invalid username type

any one help every time i send the payload i am getting this any advise

It’s ok… ignore the error… (but check the payload)

HI,

can anyone give me a nudge becomming root

thanks

@tobmes said:
HI,

can anyone give me a nudge becomming root

thanks

please read the previous page!

■■■ that was super easy

@SimVirus said:

@laylow said:
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 41
ETag: W/“29-mT0hiiE62mfFMAIMRMkQ7Q6tVaM”
Date: Tue, 31 Jul 2018 13:24:37 GMT
Connection: close

An error occurred…invalid username type

any one help every time i send the payload i am getting this any advise

It’s ok… ignore the error… (but check the payload)

thanks Simvirus ill try once i get back home from work lol :pensive:

is there a password requiered to become root access?

@tobmes said:
is there a password requiered to become root access?

Nope!

I got user a while ago and am trying to get root. I have a few attack vectors in mind, but I keep getting booted off the system (the instability). If anyone can confirm if any of them are the right direction in a PM I would appreciate it.

so i have created my payload and i send it but i just can’t open shell what am i doing wrong i went threw again and again but am still not getting in session i think my payload is ok too

nvm got shell listener had issue. but it working now

finally, I got root. PM if you need some help.