Jarvis

Rooted, if anyone needs help, DM me :slight_smile:

I didn’t get banned despite all my efforts - so still not sure what would trigger that?

I won’t post the exact specifics, but from looking at the code it appears that you have to make X number of requests which are flagged within Y seconds. If that happens, you’ll get a 90 second ban.

Basically, a targeted attack is more likely to work than having an automated tool send a bunch of random probes which is likely to trigger the ban.

@ad1337 said:
rooted. had to restart it, because I couldn’t get a stable shell which - in my case - is a must to root this machine.

Depending what point you’re at in the process, you can potentially also echo a key into authorized_hosts at which point you can just ssh in.

any nudge for initial foothold would be appreciated.

Hint for foothold:
Scope out the entire hotel, don’t forget to check every “room” :wink:

Wow, Jarvis is fun, but I can’t make much progress. The server is getting beaten too badly by people. Crawls, then gets reset, crawls, reset, etc. Guess I can wait until things calm down. Or go VIP again. I’m not going to spoil anything, but here’s a tip. If you look up Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation, you might just learn something, about yourself :wink: no not really, more about shells.

This was a good one… Learnt a lot… Can PM me for help if you want

checked each one of them, but still stuck

this hurts me… can someone give me a nudge pls. btw am at the beginning after decoding

finally got user thanks for the tips to @sirusthevirus and @KevinMoore

Rooted! Fun box, and learned a ton, especially during root.

Thanks to all who helped.

I found s*****r.py and got stuck. Please give me a hint to solve the user(PM).

Rooted. Took longer than expected with work days lasting so long recently. Only worked on the box ~20-30 minutes at a time. Still, smooth and simple and I’m thankful for a break from some of these head banging machines.

Props to @manulqwerty and @Ghostpp7 for rolling out a box that can teach a lot for people just getting into this stuff, while also keeping it concise enough that you don’t tread too far away from the final objective. Kudos.

There are some really great hints already here in the forum too. If you find yourself really struggling after too much “try harder-[ing]”, then feel free to reach out if you need help, as well.

learned from this box, google is your friend b**h command substitution

Rooted. Fun and simple.

Hints:

  • Check out OWASP top ten
  • How many ways can you think of for redirecting the output of one command to another?
  • Last step is pretty straightforward, but you’ll need some Googling

Feel free to PM if you’re stuck

I’m such a newbie in solving machines. Can you tell me any retired machines that are lowkey similar to Jarvis, so I can watch Ippsec videos and learn from them?

back to the learning bench

I’ve waited 10 mins and even rebooted but the web page still says:
“Hey you have been banned for 90 seconds, don’t be bad”

@WiseGuy said:

I’ve waited 10 mins and even rebooted but the web page still says:
“Hey you have been banned for 90 seconds, don’t be bad”

you’re hitting the machine with too many requests. check @deviate advice. try to go manual.

what’s so cool about s***y. if you run commands you’re still wa so why is that useful.