Jarvis

Rooted. Very fun box. I spent 2-3 days on the initial foothold. I never used s*l**p before, so on one of the pages I got a positive result and to be honest I don’t know why the tool didn’t work on other pages but worked on that one. Maybe someone can explain it to me, because I think I am weak at the web part of the game. After that it was easy and straightforward. Thanks to the creator of the machine.

If you keep getting a shell under w-d, don’t use the python command…just go straight for the script. I lost a couple of hours because of this since it was running the ‘python’ command under pepper but not the actual script.

Jarvis seems down, anybody facing the same issue?? Or is it my internet?

What an awesome box this was. Getting user was pretty straightforward if properly enumerated. However, the Root part is a bit tricky.

Feel free to knock me for Hints/nudges :slight_smile:

Rooted. Box is pretty straightforward. Thanks to @darkkoan for reminding me to read enum results very thoroughly.
I had one issue though. When I got into **pr, I could not see the output of my terminal commands. Had to create another nc session. Then, in that nc session, after getting an interactive shell, I could not run vi or nano properly. Can anyone help me understand this? Had to write files using cat.

Could someone walk me through the beginning of the box please? Feel free to shoot me a PM. Thanks :slight_smile:

A tough box! My first Medium Box actually and finally rooted with a lot of help from my new friend @Freak2600… thank you man.

@vider said:

A tough box! My first Medium Box actually and finally rooted with a lot of help from my new friend @Freak2600… thank you man.

Anytime.

Scanned the box more than 10 times, not getting a meaningful result. Is there a special way of scanning???

Hey guys, I have been searching the rooms for quite some time and haven’t gotten any useful information. What am I looking for? A ZAP scan showed me there is a possible SQL injection vulnerability, but nothing has returned anything useful. Any help is appreciated.

Hi to all. Got a user. Got a stable shell. I can not get root access. Please help me. I read all the tips but it doesn’t work. PM me please.

Can anyone explain to me why, when I try to run the script with s*** -u p****r, it asks for w**-***a password? I’ve tried upgrading shells but still get the same thing…

I start by getting a restricted shell with the s****p tool and I get the os-shell, after that I run netcat stuff to get a shell, and then get a tty with the python command (python -c 'import pty; pty.spawn("/bin/bash")')

but no matter what, I still get a prompt asking for w**-a password when trying to run the script with s -u p****r.

Please, if someone knows why this is happening, please PM me, I’m gonna go crazy.

I am having a lot of trouble with the initial foothold. I have searched all the rooms but found nothing. I read through all the posts in this forum and I am still stuck. I tried SQL injection but got nowhere. Can someone PM and give me a hint?

Rooted. Very interesting box. If you need some help, feel free to PM me.

Hello! I’m working on Jarvis and I’m having trouble getting a shell as pr from the s**.y script. I wrote a script that makes a netcat connection to my machine and call it using the $ method when the s*****.y asks for input. I get a shell on my machine, but as w*-d***. How can I make it run as pr? I thought running s**.y with sudo before might work, but it asks for w*-d*** password. Any hints will be much appreciated.

@GlenRunciter said:

Can anyone explain to me why, when I try to run the script with s*** -u p****r, it asks for w**-***a password? I’ve tried upgrading shells but still get the same thing…

I start by getting a restricted shell with the s****p tool and I get the os-shell, after that I run netcat stuff to get a shell, and then get a tty with the python command (python -c 'import pty; pty.spawn("/bin/bash")')

but no matter what, I still get a prompt asking for w**-a password when trying to run the script with s -u p****r.

Please, if someone knows why this is happening, please PM me, I’m gonna go crazy.

You have to specify the script path after s*** -u p****r

root@jarvis:/#
Very interesting box.
I learned a lot of new methods.

Thanks to @21y4d for giving me some little guides :slight_smile:

FootHold : Pretty easy, Find the “Data Container” sub-directory in the website then think of the tools a script kiddie would use to exploit it to get the data. After that think of the ways you could get yourself a ‘black window’

User : Find the script and think of what would happen if “the user input function returned different data”? Google will help you with this quotation!

Root : Simple Enumerating, Focus on the “interesting” file/configuration and then create a new job for it … simply gtfo :stuck_out_tongue:

After reading the code of the file (you know what file I mean), I found the “forbidden characters”… now the question is, how the ■■■■ do I find a way to use a script without these characters and get the user prompt. So many days at this point…

I’m stuck at the s***r. part of priv esc, how to escape the -p?

Got user yay; working on root

@Keroseno said:
After reading the code of the file (you know what file I mean), I found the “forbidden characters”… now the question is, how the ■■■■ do I find a way to use a script without these characters and get the user prompt. So many days at this point…

Some ppl have already linked to a page which includes a way around it

https://dl.packetstormsecurity.net/1710-exploits/KL-001-2017-017.txt

Read the “proof of concept” section carefully