Jarvis

Rooted, feel free to PM. Learned new things.

Thanks for everybody helped me. :slight_smile:

great machine send me pm if you stuck

Finally rooted, Awesome and fun box, fell free to pm if stuck (if pm write your current situation :wink: )

Stuck at root
I think I found the right way, but I can’t figure out how to exploit it yet
Can someone help me with a hint?
Edit: rooted, really nice box

■■■ w…a privesc is a pain in the ■■■!

Can anyone give me a hand finding directory for the first foothold?

I need some advice to escalate from wa to pr. I know how to abuse the exploit to have a reverse shell but with no priv esc… Can anyone PM, please?

Ok so for initial foothold ive enum’d 3 different tools to reveal the creds for /ph**n and i know theyre the right ones, but for some reason its spittin error that it doesnt exist or cant retrieve the page?? wtf am i doing wrong? Ncr and Hyd are running for 24hrs with no end in sight…feelin pretty frustrated

Let me note that i am running an older system AMD PHENOM II, so cred cracks take alot longer than usual but with a flag set to end when 1 is obtained and its been running for a whole day seems highly unusual

The M*****t exploit is the LFI-RCE which i know is the right one because it lines up with ph*******n version

Anyone can help me with the sy******l exploit? Can’t find out the service needed?
Thanks in advance.

Funny, there are so many users pounding on JARVIS that it is almost impossible to not step on each others feet. In my first attempt my enumeration found several exploit helpers left over by others, I got initial foothold and user with ease. I thought that this was all too odd and not fitting any hints given here. Indeed, when I tried later (presumably after several resets) all of that was gone. Nonetheless, I figured it out. So I did this box twice… Interesting challenge, though. Many facepalms. Reminds me what one of my professors in CS theory said when he presented a tricky proof (he was not a native speaker): proof is easy but very difficult…

got user, thanks to @phillarby for keeping me on the right track, now onto root root

im on root, and im trying my hardest to figure out sy*****tl using the enable flag by calling my script keeps spitting “no file or directory found” which is strange cuz im running it in the same directory thats housing it…lol i know im doing something wrong but i cant figure for the life of me what it is…and its so frustrating cuz im sooo close…a gentle poke might help :slight_smile:

I’ve been busy for many hours trying to figure out the foothold. I’ve tried 3 different tools. Checked out the rooms, pictures, LFI and bruteforce p********n. Could someone perhaps nudge me in the right direction, please?

stuck in the same spot, not sure how to proceed. have p********n but cant figure out where to go from here. thanks

still stuck on root sy*l i created the .se file and try to enable with proper flags, but it keeps spittin “Failed to enable” not found, im not too privy and im reading up as much as i can, i hope this doesnt spoil… but if anyone is up to discussing ideas or other tactics please pm me :slight_smile:

Woohoo!! got user and root in one day after banging my head against a brick wall for a couple of weeks. Need to think outside of the box and one database related comment was what through the brick wall. All hints needed to root this box are already in the forums. if you are really stuck then re-read the forum again and again until something clicks. Oh, google is also a great help. Added another couple of sites to my bookmarks.

Okay, I’ve been banging my head against the wall on Root for a few days now. I’ve seen a few posts on needing to get a more stable shell to properly interface with sysl, (s) - which prompts me for a pw. Can anyone point me towards information on how to either 1) reset the user account password without knowing the password to begin with, 2) setup the more stable shell (s) for an account without having to know the current password, or 3) obtain the current password for the user account? Without doing this step, I’m stuck at various sys****l errors trying to get a ser**** to run.

I’m trying to create a service, but when I try to start it from the location where I can write, it throws an error saying no such file found. Badly stuck on the root priv esc part.

Hi guys ! Can someone please give a nudge on getting root . I got the user but dont know how to get root.
Any help pls :slight_smile:

this box is a pain in the fucking ■■■. keep getting banned for trying out different enumeration services. need a nudge / hint bad, close to giving up on this…