Celestial hint

I need a priv esc hint. pleaassssseeee someone? I am getting more frustrated than American Pie.

Read through a few articles going over the same exploit, running into “An error occurred…invalid username type”. If I try to replace other variables, I still don’t get a reverse shell. Any nudge in the right direction would be appreciated.

@crybabycarlos said:
Read through a few articles going over the same exploit, running into “An error occurred…invalid username type”. If I try to replace other variables, I still don’t get a reverse shell. Any nudge in the right direction would be appreciated.

I am getting the exact same errors… If i wasn’t already bald I’d be pulling out my hair

@Nutellack said:
get same error message but it’s working fine, I get a shell,
did you control if your listener connects ?

You get the same error and it still connects? Hmmm, I will have to go back and see if there is something I am doing wrong… Are you using nc as a listener?

I’m also haveing some trouble getting a foothold. I get where I have to do it, I have just tried alot of things, and for some reason the port goes down every 5 min right now.
A hint would be appriciated, pm :anguished:

Just got the user flag. The biggest hint I could give is that there is an article and video on the internet that pretty much walks you through it. Enumerate the services and start looking for juicy articles on them.

is anyone having issues with this box? It keeps going down like every minute or so

Do I need to install node JS in my kali linux in order to get a shell?

@Pratik said:
Do I need to install node JS in my kali linux in order to get a shell?

No. You are on the ‘receiving’ end of the connection

So i Did get root…but felt i complicated it and no idea how it worked. Can someone DM me or I DM someone who got root to discuss and exchange ideas. Thanks

any hints for privesc? thnx

no need :slight_smile:
ps : pretty easy

I think I found the vector through which i should be able to get it. The problem is every time I try running my exploit, I crash the service (I get disconnected w/o any apparent reason, and I can’t hit the relevant port until the machine is reset).
Has anyone encountered anything similar?

@uck084 don’t overthink it. The pieces you need to see are right in front of you. Keep any eye on the clock.

can someone PM me for some research materials on this one… i have the burp information and the base64 stuff, been playing around and getting error messages etc… i think im on the right track but not sure what im meant to be looking at next… what am i meant to be researching here … i can explain further in PMs to avoid spoilers…

guys, cau you help me on priv esc?

@MindOverflow42 you can PM me and tell me what you’ve tried and I’ll guide without spoilers.

I’m having troube with the privilege escalation too. I’ve tried a few things and I can’t see the hint that is supposed to be in the user folder :disappointed:

Hi, when I run repeater in Burpsuite I obtain the following error:

SyntaxError: Unexpected token 

   at Object.parse (native)
   at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
I have followed all the instructions to get the reverse shell but at the last step fail ...

Finally got it. I didn’t notice the a few details in the user folder. As they’ve already said: Keep an eye on the clock.