Jarvis

@zepz0p , nope. I got that too. Can be used to get user as well.

Finally rooted, Thanks to everyone in this forum.
Here are already really good tips … read them carefully then you know what to do :slight_smile:

@zepz0p why are you confused? I’m pretty sure that’s what everybody did. What do you see that implies otherwards?

::systemctl /h**/p**/***.service but im still stuck… no success

just rooted this great box :slight_smile:
the initial foothold took me a while, rest was very smooth and straight forward.

rooted fun and good box , i think i learned something :smiley:
the first part, you need to get shell by exploit a web vuln and get the creds , login and get the shell
a lil enumeration would be enough to bypass the filter in s*****.py and get user.txt
the root not so hard just use google and everything will be fine :wink:

pm me if you need more help
Arrexel

Rooted ! What a fun box !

Rooted! Some hints:

  • User. (1) Exploit a classic web vulnerability in order to get some creds. (2) After using those creds, the only thing you need is to google. (3) Once you have a low priv shell, use a python script located somewhere to escalate your privileges (this part is a little bit tricky because of the “forbidden chars”).

  • Root. Use the tipical enumeration script to see the entry point to priv esc. Once you see it, it is quite straightforward how to exploit it, just google a little.

Funny box! PM me if you need a nudge

i need help!!!
i am user p****r, and i have my .se in /t*.

i run:

syl lk $P/.se
sy
**l st ********

and the output:

Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s
e files

Rooted. A straightforward box!

Type your comment> @rubenix said:

i need help!!!
i am user p****r, and i have my .se in /t*.

i run:

syl lk $P/.se
sy
**l st ********

and the output:

Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s
e files

systemctl doesn’t get on well with /tmp folder

Just got root. Learned a lot on this box, especially the privesc.

Can someone help me a bit?
I got the shell as pr via sr but no wan’t echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks :slight_smile:

Can someone help me a bit?
I got the shell as pr via sr but no wan’t echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks :slight_smile:

Hey @mava, maybe you can spawn a new shell from your p******r shell. Just because you don’t see the output doesn’t mean the commands aren’t executing :wink:

check your available programs from your enumeration.

Rooted!
Nice box learned a lot.
Thanks to @v0yager :slight_smile:

Feel free if somebody needs help.

Rooted. Thanks to @BINtendo and @beorn . Let me know if you need any help.

Rooted!
OSCP like machine.

Rooted.

Some hint:
user: like a web pt, there is a classic web vulnerability that you exploit with a known tool in which you can create an os-shell,after then you must study a python script and with a google search (shell escape) you bypass forbidden character;
root : with a classic enumeration tool you find the way; use enable with absolute path and you must sure that your service/script have execution permissions.

Type your comment

Type your comment> @v0yager said:

Can someone help me a bit?
I got the shell as pr via sr but no wan’t echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks :slight_smile:

Hey @mava, maybe you can spawn a new shell from your p******r shell. Just because you don’t see the output doesn’t mean the commands aren’t executing :wink:

check your available programs from your enumeration.

Upgrading Simple Shells to Fully Interactive TTYs - ropnop blog

You should upgrade your shell, to more interactive shell, i think. I did it with python’s pty.