Jarvis

Removed

nvm got a shell as w**-d***. Now working for user. Any pointer would be great!

Got into admin panel, but can’t figure out how to get a shell from here. Been stuck for ages so a helping hand would be much appreciated

nvm. Go it now :slight_smile:

NVM.

Type your comment> @qmi said:

Type your comment> @jayjay25 said:

Any help on user? I’ve looked up infoblox rmi and can execute commands through the script but they run as w**-d** instead of p****** as i’m executing the script …I’m missing something simple here?

Try privesc to user p****r with the most used method on Linux. It’ll run any command for you as that user.

Could you please elaborate on this? The “most used method” I can think of will not work without having user passwords…

Hey there. This might seem lame but I managed to get the user flag by executing some commands. However I horribly fail to spawn a shell as that certain user. Is it possible to do so? Is it required in order to escalate to root?

I receive a ban each time I try to use some common tool to enumerate and obtain an os-shell, why??

i got stuck on w-d.
i already found simpler.py but i didnt figure out how to get pepper shell please DM for help tks

@voidhofer said:

Try privesc to user p****r with the most used method on Linux. It’ll run any command for you as that user.

Could you please elaborate on this? The “most used method” I can think of will not work without having user passwords…
sudo . Always try the most obvious first

Type your comment

"Hey you have been banned for 90 seconds, don’t be bad " for hours now… anyone know why Im getting banned forever it seems like. haven’t been able to do anything to the machine for hours.

Type your comment> @qmi said:

@voidhofer said:

Try privesc to user p****r with the most used method on Linux. It’ll run any command for you as that user.

Could you please elaborate on this? The “most used method” I can think of will not work without having user passwords…
sudo . Always try the most obvious first

Yep. That was my first attempt but it does not work without a password. Tried with multiple shells, also tried with different versions of python, still no luck.

Type your comment> @iQimpz said:

"Hey you have been banned for 90 seconds, don’t be bad " for hours now… anyone know why Im getting banned forever it seems like. haven’t been able to do anything to the machine for hours.

Try stopping your automated tests and clear browser cache. In my case F5 (or Ctrl/Cmd+Shift+R) was enough to solve the problem.

Finally managed to get root. Great machine, managed to learn a lot out of it. However, since I am relatively new to all this , would someone be kind enough to PM me and explain why the last step works that way? No need to post any hints etc since the posts here have pretty much everything covered.

i got stuck on w-d.
i already found simpler.py but i didnt figure out how to get pepper shell please DM for help tks

I am horrendously stuck at user. Have shell at w**-d***, but have no idea how to use s******.py. Any help would be greatly appreciated!

Rooted!
Tips -
Initial Foothold - classic enum > OWASP top 10 > explore the options of your tool.
USER - search for a script with appropriate permissions > escape forbidden characters (there is one technique that isn’t forbidden)
ROOT - enum again > then focus in and correct your syntax

Any questions feel free to PM me!

Finally rooted!
Tips :-
User → Attract the shell by the power of dollar :stuck_out_tongue:
Root → gtfo i am not gonna tell you :stuck_out_tongue:
if you are still stuck at some point feel free to ping me up for hints or solution :slight_smile:

Could I have some help on getting s******.*y? I know that I have to use some special character but I don’t know which one