Jarvis

Favorite box so far, feel free to PM if you need help/tips

Nothing like somebody resetting the box as you’re a few keystrokes from root… :angry:

If you guys use an exploit to cp/cat either one of the flags to a very visible directory, please delete the file as well…

I need some help on root pls :slight_smile:
I am stuck on S*******l, not able to create a service
PM me pls

I got user, but I’m struggling to get root. If anyone can PM me with some hint it would be very much appreciated :smile:

Hey! Could someone help me with the error that it is not possible to link in root? I am not in /tmp.

Edit: Got it

rooted
pm me for hints :slight_smile:

This was a genuinely great box. Happy to help if anyone is stuck.

Forgot to ask this before… For those who’ve already gotten past the initial foothold: Did you do it manually or with a tool? I initially used a tool but went back to do it manually and could only do so much. Keen to improve my skillz on the manual leveraging of this vector so would be interested to know what approaches were taken for manual exploitation.

great box, learned a lot

root@jarvis:/root# id
id
uid=0(root) gid=0(root) groups=0(root)

Awesome box! My first medium root, thoroughly enjoyed and learned a lot!

I am having a hard time with root. Could anyone give me a hint toward a direction?

Rooted, feel free to PM. Learned new things.

Thanks to everybody who helped me. :slight_smile:

Great machine, send me a PM if you're stuck

Finally rooted. Awesome and fun box, feel free to PM if stuck (if you PM, write your current situation :wink: )

Stuck at root
I think I found the right way, but I can’t figure out how to exploit it yet
Can someone help me with a hint?
Edit: rooted, really nice box

■■■ w…a privesc is a pain in the ■■■!

Can anyone give me a hand finding directory for the first foothold?

I need some advice to escalate from wa to pr. I know how to abuse the exploit to have a reverse shell but with no priv esc… Can anyone PM, please?

Ok so for initial foothold I’ve enum’d 3 different tools to reveal the creds for /ph**n and I know they’re the right ones, but for some reason it’s spittin error that it doesn’t exist or can’t retrieve the page?? wtf am I doing wrong? Ncr and Hyd are running for 24hrs with no end in sight…feelin pretty frustrated

Let me note that I am running an older system, AMD PHENOM II, so cred cracks take a lot longer than usual, but with a flag set to end when 1 is obtained and it’s been running for a whole day, seems highly unusual

The M*****t exploit is the LFI-RCE, which I know is the right one because it lines up with ph*******n version