Jarvis

Have user & shell, if you need help PM me

Not got root yet though

Type your comment> @n0t said:

In same situation as @hoodedfigure . I know how execute arbitrary commands in s***.py but I don’t know what to execute to get pe**** shell. Always getting d*** shell

@n0t said:
In same situation as @hoodedfigure . I know how execute arbitrary commands in s***.py but I don’t know what to execute to get pe**** shell. Always getting d*** shell

Hi n0t,

I already got user. I was just suggesting it for others. If you need a hint send me a PM.

Regards, HF

please have mercy. please dont execute that beef. we can’t have a stable connection :frowning:

Type your comment> @hoodedfigure said:

Type your comment> @Revolution said:

Type your comment> @hoodedfigure said:

Type your comment> @keithschm said:

Type your comment> @aasiakhan said:

I am stuck on s********y. Can anyone help me out with some reading material or how to approach it?

me toooooooo… Could someone have changed permissions?

Just cracked user, take a look a the s********y and see what it’s doing. Find a way to use that to your advantage.

Been there, but after finding a way to leverage the script for my own benefit, I get the same permissions (obviously). SUID/GUID files do not help either.

Previously mentioned by @Zot

Google: Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation

God bless you @hoodedfigure

I have no idea what I am doing wrong at the privilege escalation. I always get a “Failed to link/enable unit” error…

Edit: thanks to @l0lxD I was finally able to get root. Do not blindly follow the tutorial. You won’t need every step.

@palaziv what tutorial?

@igaralf you will find it once you know which thing to exploit

really interesting answer…

There are enough hints in this thread. Sorry, but I can not mention the page without spoiling everything.

I got shell was w**-***a user and i have found s______.py but i can’t bypass those forbidden characters! I really have no clue of what other characters i can use to accomplish what i need to :-/
Can anyone point in the right direction?

Type your comment> @snox said:

I got shell was w**-***a user and i have found s______.py but i can’t bypass those forbidden characters! I really have no clue of what other characters i can use to accomplish what i need to :-/
Can anyone point in the right direction?

There are both a bunch of less obvious hints as well as a couple links to the answer to this question in this thread if you just read back through it. :wink:

I> @deviate said:

Type your comment> @snox said:

I got shell was w**-***a user and i have found s______.py but i can’t bypass those forbidden characters! I really have no clue of what other characters i can use to accomplish what i need to :-/
Can anyone point in the right direction?

There are both a bunch of less obvious hints as well as a couple links to the answer to this question in this thread if you just read back through it. :wink:

I did, but i couldn’t make sense of it… until now! :stuck_out_tongue:
I had no idea that method existed! Thanks @TigaxMT for pointing me in the right direction.

can someone help me i am stuck in the rooms

Type your comment> @marki2121 said:

can someone help me i am stuck in the rooms

Several classes of vulnerabilities are related to code accepting user input and not properly validating or sanitizing that input. How can you provide input to scripts on this site? If you play with those inputs, can you cause errors or unexpected behaviors? If so, what might that mean?

I am root!!
Feel free to pm me,if you need any help.

ROOTED! Thanks @d3ck4rd and @picaro for the hints.

If you need help ping me

Rooted. Thanks @lonewolf and @picaro for the hints.

There are many hints in this topic, especially for the user … so I am going to nudge especially for root: The way to get root is to use a similar type of vuln as the one you used to get the user (p****r). Your enum scripts and a two-minute google search will give you what you will need for r00t.

P.S For the love of God, don’t reset the machine because “You have been banned for 90 secs”.

can someone pm me for user

I am stuck on the initial foothold:

I found:
Cookie Without H*** O*** Flag
p**MA*** CSRF
Tw * g Server Side Template Injection

but still stuck. any tips?

For anyone struggling with user and the s********y, i say, go back to your initial thinking about the reason you believe you can take advantage of it and make sure u understand what exactly means the clue that you found/read at the enumeration stage.