I got the shell but with www-d@t@ as the user. Can someone guide me how to do privilege escalation?
Can anyone help me with the root part? DM me
Working on this box. I am able to read files via a certain room url as well as write to /t**. I'm unable to execute anything with this vulnerability since I can't seem to write files to /v**/w***.
I have gotten a DB password but don't see many places to use it.
Am I in a rabbit hole trying to write a file this way?
can someone help me run the python program as p****r? I feel so close.
Rooted! Actually pretty easy but I made unnecessary mistakes, so that this was the box I spent the longest time on. Thanks to @ixxelles for helping me out.
nice box, learned something new from it
anything you must need for the entire box is in this post already, but if you want help just come inbox
root@jarvis:~# id; wc -c root.txt
id; wc -c root.txt
uid=0(root) gid=0(root) groups=0(root)
33 root.txt
Cool machine!
Game over.
Trying to get www-* shell from other ways. Until now I can confirm two different ways to get it.
Rooted. www-* to root was fun. The path to root was interesting with a lot of learning potential for linux sysadmin control features.
There are plenty of hints in this thread to get you through. Once you get your shell it's straightforward.
Okay, still working through user. I am having a syntax error. I am using a certain web attack on a room. I can write files to /v**/w**/h***. But when viewing the new file, it shows me the column numbers with my code in the column I used.
I can get a shell with a popular tool, but there are limits to that shell.
User down. Bad syntax on my part. No creds needed. On to root…
Rooted at last.
I spawned one shell from another shell from another shell from another shell from another…
Tip for root: copy your public key into authorized_hosts and just ssh in. I was unable to modify the system administration stuff from my reverse shell. I ssh'd in properly, and the same exact steps worked perfectly.
Edit: Before I logged off the box I saw someone message me on the wall about how I got a particular file into the /tmp folder. Use your kali's apache server, host whatever files you'd like to be able to transfer on there, and then use wget from your shell on the box.
One shell leads to another leads to another leads to…root.txt
Nice and straightforward box which aside from that one s*******l breadcrumb at the end is quite a life-like setup.
Thanks @manulqwerty and @Ghostpp7 for this one!
Feel free to PM if you're stuck and looking for a nudge in the right direction.
I'm super lost with the hint about the rooms… a PM nudge in the right direction would be greatly appreciated.
Sooo back at root. I am in as w**-d***, full tty using python pty. I was working at a certain script owned by p***** that according to s*** I could run. But a few dozen tries with different input/output configurations nothing came up. All led to permission denied or temporary failure in name resolution. Figured I might be in a rabbit hole.
Then I started privilege esc enum again and noticed a certain binary that could be run by another user. That's where I am stuck, trying to either move to the certain user, or leverage the binary to do what I need it to. Would appreciate a nudge.
Thanks!
Great box, loved it !
User:
enumeration doesn't always mean dirb
If you're being blocked change things…
Know your tools, man is your friend…so is Google!!!
don't overcomplicate, keep it simple and when stuck, back to this thread, all the clues are here
Root:
Enumeration, find something that looks unusual, google…google some more, read the thread again.
Hey guys, I am trying to hack jarvis but it seems I'm totally stuck after the enum… found the p********n page and I'm totally lost now… I think it's vuln to LFI but not sure as some exploits didn't work… any useful nudge where to look? I'm new into this
@idomino said:
I'm super lost with the hint about the rooms… a PM nudge in the right direction would be greatly appreciated.
THANK YOU for those who PM-d me. Got the user, now onto the root
@mava said:
Can someone help me a bit?
I got the shell as pr via sr but it won't echo any output.
If I type ls, it just shows ls but not the folders.
But I still can use cd, I just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks
Just exit after giving your commands. Will see the output