Jarvis

Rooted. DM for hints.

Finally got a shell as www-data, are we meant to go straight to root or get into the users account first? Nothing has stood out so far.

Also, anyone able to pm about the high port? Still confused about it

Type your comment> @farbs said:

Type your comment> @Uvemode said:

Already in through another path, but how did you guys found the files?
Bruteforcing with directory medium and all the indicated extensions didn’t get me anything.

No need to brute force anything. Should be right in front of you to get your first shell.

I’m already in, I know which file I was suppose to find, with bruteforcing I mean directory listing, gobuster etc, but my wordlists didn’t find them, I had to get in through another path, which wordlists did you guys used?

Spoiler Removed

Type your comment> @Uvemode said:

Type your comment> @farbs said:

Type your comment> @Uvemode said:

Already in through another path, but how did you guys found the files?
Bruteforcing with directory medium and all the indicated extensions didn’t get me anything.

No need to brute force anything. Should be right in front of you to get your first shell.

I’m already in, I know which file I was suppose to find, with bruteforcing I mean directory listing, gobuster etc, but my wordlists didn’t find them, I had to get in through another path, which wordlists did you guys used?

Feel free to DM me and we can discuss. I’m almost finished rooting at the moment.

Problems exploiting the script in Pe***r user movement. I need some help

guys, i can’t move forward on the privelege escalation, any nudge please?

Spoiler Removed

Nice box. Quick and dirty. Good vacation from crazy boxes like unattended. Really need to watch Ironman now, huh?

Can anyone message me regarding root? I know what to do but it seems like I have a syntax error somewhere.

Edit: Got it, big thanks to @agr0

I found s______.py, but when I try to run it with the -p option, it gives a syntax error. Is this intended, or am I doing something wrong?

Stuck on that part as well, maybe reading the code might help , but even with that I’m still lost.

I’m too noob for this one, back to study bench.

Type your comment> @dm7500 said:

I found s______.py, but when I try to run it with the -p option, it gives a syntax error. Is this intended, or am I doing something wrong?

There’s not really enough information in your comment for me to know for sure what is going on here, but that script doesn’t work correctly under python2 if that helps. If that is the issue, however, you’re missing another important detail.

Type your comment> @deviate said:

Type your comment> @dm7500 said:

I found s______.py, but when I try to run it with the -p option, it gives a syntax error. Is this intended, or am I doing something wrong?

There’s not really enough information in your comment for me to know for sure what is going on here, but that script doesn’t work correctly under python2 if that helps. If that is the issue, however, you’re missing another important detail.

I do know that I have su access to the script when I run it as a certain person. I can get it to run now, but I’m having issues in adding my own commands after the IP for the -p option

@dm7500 said:

I do know that I have su access to the script when I run it as a certain person. I can get it to run now, but I’m having issues in adding my own commands after the IP for the -p option

Keep at it :slight_smile:

@zac777 said:

Stuck on that part as well, maybe reading the code might help , but even with that I’m still lost.

It will help, but you could also just try something and see what happens.

Type your comment> @dm7500 said:

Type your comment> @deviate said:

Type your comment> @dm7500 said:

I found s______.py, but when I try to run it with the -p option, it gives a syntax error. Is this intended, or am I doing something wrong?

There’s not really enough information in your comment for me to know for sure what is going on here, but that script doesn’t work correctly under python2 if that helps. If that is the issue, however, you’re missing another important detail.

I do know that I have su access to the script when I run it as a certain person. I can get it to run now, but I’m having issues in adding my own commands after the IP for the -p option

Yeah, so there are a bunch of hints earlier in this thread about that. Examine what the code is doing in that codepath and think about how you might be able to exploit it if there weren’t a filter. Then try to figure out if there’s some way to do something similar without getting caught by the filter.

how are you guys learning that www-data is a user?

had fun on this box, very well done. loved the clues along the way. would pwn again.

Type your comment> @dm7500 said:

I found s______.py, but when I try to run it with the -p option, it gives a syntax error. Is this intended, or am I doing something wrong?

You’re missing something.