Celestial hint

Can anyone PM me on this? I am seriously so frustrated at this and am stuck just getting the payload to run so I can get a shell. As soon as I get a shell, root will be easy, but for some reason this is killing me. +Rep if you can lend a hand!

Managed root, thanks to some hints and patience.
I get how this works, but is there anyone I can discuss it with? I would like to know why.

Surprisingly easy box

For user you need basic google skills.

For root you need to do another retired box or watch youtube guides.

Really loved the box, pm if you need subtle educational hints :slight_smile:

Got user and root flags, nice challenge. PM me if you need some help!

Having issues with your exploit? (Shoutout to Baud for the help with this)

Check the closing brackets, make sure the syntax makes sense, having too many bad characters will give you an error.

Not getting a shell?
If the page responds with a new line, but you still don't have a shell, double check your listener is on the right port and matches your exploit.
You will want to punch yourself if you don’t. :slight_smile:

Getting root access on the Celestial box is easier than I expected.

Still trying to get better at Burp. I know this is an old box, but my serialized payload is returning the same user error that a lot of others complained about. Still getting a 200 back but nothing on the listener side. Any PM nudges greatly appreciated.

Got user…nvm -_-

Root…check

Getting some kind of username error! Can someone help?

nvm!

Not getting the shell via NC. Can someone help?

hey uhh…is the root flag supposed to be in one of sun's directories…?

Rooted, if anyone needs help PM me, or catch me on netsecfocus @lilocruz.

Got root.txt!!!

I want to know how to get root access. Can anyone help?

I don't have Burp Professional. Does ZAP have the same features? I haven't used ZAP much, and my Burp Pro license expired.

Hello, I am following the article and I have generated the exact same payload as in the article. But when I send it in place of the snickerdoodle I am getting a bunch of syntax errors in the response. Any ideas?

@Monkey23 said:
Hello, I am following the article and I have generated the exact same payload as in the article. But when I send it in place of the snickerdoodle I am getting a bunch of syntax errors in the response. Any ideas?

Same problem.

When I upload the payload I get this error:
SyntaxError: Unexpected token r
at Object.parse (native)
at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
at /home/sun/server.js:11:24
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at next (/home/sun/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/sun/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at /home/sun/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/sun/node_modules/express/lib/router/index.js:335:12)
at next (/home/sun/node_modules/express/lib/router/index.js:275:10)

Any hints, please?

Rooted. PM if you need help.

Got user kblooie, now for the priv esc.

Rooted, was surprisingly simple after spending so long to get the initial access. Just as with the machine Poison, when you get initial access just enumerate. Go through everything the machine is doing and running, you will find the way.