Celestial hint

1678911

Comments

  • OTGOTG
    edited August 2018

    @SimVirus said:

    @OTG said:
    I keep getting "invalid username type" error. Having trouble adding the username to the code. Can someone please help me with this?

    ignore it.. and continue..

    But I am not getting a shell.. ¯_(ツ)_/¯

    Got the shell thank you SimVirus for help. My listener command was wrong. It is always something stupid with these boxes... :-D

  • HTTP/1.1 200 OK
    X-Powered-By: Express
    Content-Type: text/html; charset=utf-8
    Content-Length: 41
    ETag: W/"29-mT0hiiE62mfFMAIMRMkQ7Q6tVaM"
    Date: Tue, 31 Jul 2018 13:24:37 GMT
    Connection: close

    An error occurred...invalid username type

    any one help every time i send the payload i am getting this any advise

    Arrexel
    OSCP | OSCE half way!

  • @OTG said:

    @SimVirus said:

    @OTG said:
    I keep getting "invalid username type" error. Having trouble adding the username to the code. Can someone please help me with this?

    ignore it.. and continue..

    But I am not getting a shell.. ¯_(ツ)_/¯

    Try until you receive a "OK 200" (and not Error 500)

  • @laylow said:
    HTTP/1.1 200 OK
    X-Powered-By: Express
    Content-Type: text/html; charset=utf-8
    Content-Length: 41
    ETag: W/"29-mT0hiiE62mfFMAIMRMkQ7Q6tVaM"
    Date: Tue, 31 Jul 2018 13:24:37 GMT
    Connection: close

    An error occurred...invalid username type

    any one help every time i send the payload i am getting this any advise

    It's ok.. ignore the error... (but check the payload)

  • HI,

    can anyone give me a nudge becomming root

    thanks

  • @tobmes said:
    HI,

    can anyone give me a nudge becomming root

    thanks

    please read the previous page!

  • omg that was super easy

  • @SimVirus said:

    @laylow said:
    HTTP/1.1 200 OK
    X-Powered-By: Express
    Content-Type: text/html; charset=utf-8
    Content-Length: 41
    ETag: W/"29-mT0hiiE62mfFMAIMRMkQ7Q6tVaM"
    Date: Tue, 31 Jul 2018 13:24:37 GMT
    Connection: close

    An error occurred...invalid username type

    any one help every time i send the payload i am getting this any advise

    It's ok.. ignore the error... (but check the payload)

    thanks Simvirus ill try once i get back home from work lol :pensive:

    Arrexel
    OSCP | OSCE half way!

  • is there a password requiered to become root access?

  • @tobmes said:
    is there a password requiered to become root access?

    Nope!

  • I got user a while ago and am trying to get root. I have a few attack vectors in mind, but I keep getting booted off the system (the instability). If anyone can confirm if any of them are the right direction in a PM I would appreciate it.

    Maglok

  • so i have created my payload and i send it but i just can't open shell what am i doing wrong i went threw again and again but am still not getting in session i think my payload is ok too

    Arrexel
    OSCP | OSCE half way!

  • nvm got shell listener had issue. but it working now

    Arrexel
    OSCP | OSCE half way!

  • finally, I got root. PM if you need some help.

    Ozunu

  • The shell keep on going idle after 2-3 commands
  • edited August 2018

    @etsandy said:
    Anyone able to PM on where I may be going wrong here with response to my payload:

    SyntaxError: Unexpected token

    at Object.parse (native)
    at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
    at /home/sun/server.js:11:24
    at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/sun/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/home/sun/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
    at /home/sun/node_modules/express/lib/router/index.js:281:22
    at Function.process_params (/home/sun/node_modules/express/lib/router/index.js:335:12)
    at next (/home/sun/node_modules/express/lib/router/index.js:275:10)
    

    Any Help much appreciated!

    The error itself is a hint.

  • @stevv said:
    when ever i am running the exploit i am getting
    An error occurred...invalid username type

    why is it so can you help me

    nvm got it

    All parts are important

  • Well, I can't seem to get the payload running. I send the request after encoding it accordingly but nc doesn't receive the connection, I tried using a couple different payloads and none seems to be working, does anyone know if it's a problem with nc or if I'm missing something? A PM would be highly appreciated, this is getting frustrating.

  • @TTYlerDurden said:

    @penumbra said:
    Ignore, got it.

    If you need a hint check out /var/log/syslog

    This was the most helpful thing.

    Feel free to PM for nudges

    +1

  • edited August 2018

    Got user but completely stuck on privesc. Very new to this and have no idea how to go about it. A slight nudge in the right direction would be super helpful if anyone is wiling.
    Thank you

    Ok so i found the 2 useful files and worked out their timings (don't think thats a spoiler) but there are people editing them as i do and im not sure if im trying to type the wrong command or they are if someone could just help advice on what the correct command is so i know my fighting isnt futile that'd be great.

    Nvm literally just got it right after adding that if anyone needs help just dm me

  • Can anyone pm me on this I am seriously so frustrated at this and am stuck just getting the payload to run so I can get a shell. As soon as I get a shell root will be easy but for some reason this is killing me. +Rep if you can lend a hand !

    heigou

  • managed root - thanks to some hints and patience.
    I get how this works, but is there anyone I can discuss with - I would like to know why

  • Surprisingly easy box

    For user you need basic google skills.

    For root you need to do another retired box or watch youtube guides.

    Really loved the box, pm if you need subtle educational hints :)

  • Got user and root flags, nice challenge PM me if you need some help!

  • Having issues with your exploit? (Shoutout to Baud for the help with this)

    Check the closing brackets, make sure the syntax makes sense, having too many bad characters will give you an error.

    Not getting a shell?
    If the page responds with a new line, but you still dont have a shell, double check your listener is on the right port and matches your exploit.
    You will want to punch yourself if you don't. :)

    heigou

  • edited August 2018

    Celestial Box is rather easy to have root access than I expected.

  • edited August 2018

    Still trying to get better at Burp, I know this is an old box but my serialized payload is returning back the same user error that a lot of others complained about. Still getting a 200 back but nothing on the listener side. Any PM nudges, greatly appreciated.

    Got user...nvm -_-

  • Root...check

  • edited August 2018

    getting some kind of username error! can someone help?

    nvm!

  • not getting the shell via NC. Can someone help

Sign In to comment.