Jarvis

Hey All; Need some help with privesc from pepper to root. Can someone DM please. Been on this back way too long. Thanks!

/

i am stuck on rooms , dont know where to process and what to look on the rooms , every post is saying to looked in room , i have looked into it hundred times but still nothing, help me plz

Got root. Amazing box. Thanks a lot @bing0o for help :wink:

Type your comment> @MetinYigit said:

Got root. Amazing box. Thanks a lot @bing0o for help :wink:

@MetinYigit you’re welcome my friend, congrats :smile:

Fun box. Some people here seems to be talking about creds, however I did not use any creds at a single place… weird.

Rooted! Really nice box. Feel free to PM for hints.

Rooted! .Thanks to all people helped me. PM for hints.

Very nice machine, I wasted a lot of time on the first part because I overestimated it. For root, use what’s under your eyes,
sometimes you are root without being root.

Rooted! Very nice machine, learned a lot! My favourite box yet, big thx to @manulqwerty and @Ghostpp7 !
Thank you @ThunderB for the hint! It spinned me out from my brain loop:)
Feel free to PM for hints.

Awesome box! Thx @manulqwerty & @Ghostpp7 for a solid challenge! User was an exceptionally nice experience, and found two slightly different paths towards obtaining a shell although the vulnerability is the same – I’m guessing that there are even more ways to do this.
I found root pretty much by thourogh f********m enumeration, but am a bit puzzeled on what configuration flaw would lead to this privelege escallation method as this would not normally occur on any linux box for all I know. If you know more on the underlying configuration; I am all ears.

Nice box, got a little stuck on Syntax at the end but Enjoyable…

anyone able to assist in helping me do local priv esc. stuck with www-data user

Type your comment> @barondune said:

anyone able to assist in helping me do local priv esc. stuck with www-data user

look for something that does not belong to you but you can borrow. :slight_smile:

Type your comment> @Jumecittu said:

Type your comment> @barondune said:

anyone able to assist in helping me do local priv esc. stuck with www-data user

look for something that does not belong to you but you can borrow. :slight_smile:

Thx man. I was able to figure out user. Stuck on root

My best advice on root: Be lazy, you don’t need a shell, you just want the flag

Type your comment> @t3ngu said:

My best advice on root: Be lazy, you don’t need a shell, you just want the flag

Thx man. Someone also pointed out a few things that is a cve that abuses some systems things (leaving out details) but i dont understand it.

All I ever get from this s*****py script with the added command is “No output” or the help menu even if I purposely put things that are mean to be forbidden. Banging my head against the wall!!!

This is killing me off. I reset the box as I was getting EOF errors from the py script. Now I get the banned message and the tool I used to remote shell previously will not connect.

Reset again and I’m banned immediately. Waiting 90 seconds does nothing. This request is to port 80 too so nothing to do with the high port. I can’t fathom why I wasn’t getting banned before no matter how much traffic I threw at the box, but now I can’t view one web page.

Type your comment> @thegoatreich said:

All I ever get from this s*****py script with the added command is “No output” or the help menu even if I purposely put things that are mean to be forbidden. Banging my head against the wall!!!

You’re pinging. If you google for ways or doing creative things with that you’ll find a format that works for the script.