Celestial hint

@etsandy said:
Anyone able to PM on where I may be going wrong here with response to my payload:

SyntaxError: Unexpected token

at Object.parse (native)
at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
at /home/sun/server.js:11:24
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at next (/home/sun/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/sun/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at /home/sun/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/sun/node_modules/express/lib/router/index.js:335:12)
at next (/home/sun/node_modules/express/lib/router/index.js:275:10)

Any Help much appreciated!

The error itself is a hint.

@stevv said:
when ever i am running the exploit i am getting
An error occurred…invalid username type

why is it so can you help me

nvm got it

All parts are important

Well, I can’t seem to get the payload running. I send the request after encoding it accordingly but nc doesn’t receive the connection, I tried using a couple different payloads and none seems to be working, does anyone know if it’s a problem with nc or if I’m missing something? A PM would be highly appreciated, this is getting frustrating.

@TTYlerDurden said:

@penumbra said:
Ignore, got it.

If you need a hint check out /var/log/syslog

This was the most helpful thing.

Feel free to PM for nudges

+1

Got user but completely stuck on privesc. Very new to this and have no idea how to go about it. A slight nudge in the right direction would be super helpful if anyone is wiling.
Thank you

Ok so i found the 2 useful files and worked out their timings (don’t think thats a spoiler) but there are people editing them as i do and im not sure if im trying to type the wrong command or they are if someone could just help advice on what the correct command is so i know my fighting isnt futile that’d be great.

Nvm literally just got it right after adding that if anyone needs help just dm me

Can anyone pm me on this I am seriously so frustrated at this and am stuck just getting the payload to run so I can get a shell. As soon as I get a shell root will be easy but for some reason this is killing me. +Rep if you can lend a hand !

managed root - thanks to some hints and patience.
I get how this works, but is there anyone I can discuss with - I would like to know why

Surprisingly easy box

For user you need basic google skills.

For root you need to do another retired box or watch youtube guides.

Really loved the box, pm if you need subtle educational hints :slight_smile:

Got user and root flags, nice challenge PM me if you need some help!

Having issues with your exploit? (Shoutout to Baud for the help with this)

Check the closing brackets, make sure the syntax makes sense, having too many bad characters will give you an error.

Not getting a shell?
If the page responds with a new line, but you still dont have a shell, double check your listener is on the right port and matches your exploit.
You will want to punch yourself if you don’t. :slight_smile:

Celestial Box is rather easy to have root access than I expected.

Still trying to get better at Burp, I know this is an old box but my serialized payload is returning back the same user error that a lot of others complained about. Still getting a 200 back but nothing on the listener side. Any PM nudges, greatly appreciated.

Got user…nvm -_-

Root…check

getting some kind of username error! can someone help?

nvm!

not getting the shell via NC. Can someone help

hey uhh…is the root flag supposed to be in one of suns directories…?

Rooted, if needs help PM me, or catch me on netsecfocus @lilocruz.

Got root.txt!!!

Want to know how to get root access anyone can help?

i dont have burp professional, is zap has same features ? i haven’t used zap much. and my burp pro license expired.

Hello, I am following the article and i have generated the excact same payload as in the article. But when i send it in place of the snickerdoodle i am getting a bunch of syntax errors in the response, any ideas?