Jarvis

Hi, can please somebody help me with the last step of user, where you make this specific command? I figured the vulnerability already out and know how to bypass, but I get always some errors. Please send me a message

Rooted.

I found one way to an initial foothold, can see there is at least another. Interested to hear from anyone who wants to compare notes.

EDIT nevermind I think I have the answer

I’m stuck on the initial foothold. I’m finding other people’s shells during my enumeration, and could easily just use them to get a shell as www-data but I need to know how people are getting those shells uploaded.

I know that *.php?= URL that may lead to an LFI: I can not provoke this URL to give me anything of use by the way of either a file or a useful error message.

I 've also found the login for /p*******n, but I can’t exploit it unless I’m finding the credentials?

Can someone PM me a hint to help me exploit the room?

Edit: Got credentials to p********n, thanks to @sneakypanda for the nudge and confirming I was on the right track after the fact.

Can someone help me on this? I have been looking at the rooms for hours but cannot find anything. Thanks.

My hint to root:

If you are using an outdated version of LinEnum… try to update it from the github page and you will be able to see the path.

Don’t be a dumb like me :neutral:

Can anyone drop me a message with a hint on root? Happy to say where I’m up to and what I’ve tried. Pulling my hair out a bit!

Narrowed all my issues down to the fact that I spawned a shell from sq*£)$ap. It wasn’t running the py script properly and erroring out.
Used a different way in and the script ran properly and got user.
Thanks to @f3v3r and @solsound on Discord and @hva on here.

I now know how to get in but got a ban in the process. Lasting since 20mins. Is this normal?

Type your comment> @pourquoi said:

Can someone help me on this? I have been looking at the rooms for hours but cannot find anything. Thanks.

This clue got me stuck for ages, and then it turned out I got in without any rooms at all. DM me and let me know what you’ve tried so far etc and I’ll try to nudge you along.

Can anyone help me with the syntax in the last step before root?

i find p********n directory but i dont know what to do next, need help

Just rooted. ■■■■, interesting experience, i learned about new things, especially getting user. Root was pretty straightforward.

I got the shell but with www-d@t@ as the user. Can someone guide me how to do privileged escalation?

Can anyone help me with the root part? DM me

Working on this box. I am able to read files via a certain room url as well as write to /t**. I. Unable to execute anything with this vulnerability since I can’t seem to write files to /v**/w***.

I have gotten a DB password but don’t see many places to use it.

Am I in a rabbit hole trying to write a file this way?

can someone help me run the python program as p****r? I feel so close.

Rooted! Actually pretty easy but I made unnessary mistakes, so that this was the box I spend the longest time on. Thanks to @ixxelles for helping me out.

nice box, learned something new from it :slight_smile:
anything you must need for the entire box is in this post already, but if you want help just come inbox

root@jarvis:~# id; wc -c root.txt
id; wc -c root.txt
uid=0(root) gid=0(root) groups=0(root)
33 root.txt

Cool machine! :slight_smile:
Fim de jogo.