Celestial hint

Do I need to install node JS in my kali linux in order to get a shell?

@Pratik said:
Do I need to install node JS in my kali linux in order to get a shell?

No. You are on the ‘receiving’ end of the connection

So i Did get root…but felt i complicated it and no idea how it worked. Can someone DM me or I DM someone who got root to discuss and exchange ideas. Thanks

any hints for privesc? thnx

no need :slight_smile:
ps : pretty easy

I think I found the vector through which i should be able to get it. The problem is every time I try running my exploit, I crash the service (I get disconnected w/o any apparent reason, and I can’t hit the relevant port until the machine is reset).
Has anyone encountered anything similar?

@uck084 don’t overthink it. The pieces you need to see are right in front of you. Keep any eye on the clock.

can someone PM me for some research materials on this one… i have the burp information and the base64 stuff, been playing around and getting error messages etc… i think im on the right track but not sure what im meant to be looking at next… what am i meant to be researching here … i can explain further in PMs to avoid spoilers…

guys, cau you help me on priv esc?

@MindOverflow42 you can PM me and tell me what you’ve tried and I’ll guide without spoilers.

I’m having troube with the privilege escalation too. I’ve tried a few things and I can’t see the hint that is supposed to be in the user folder :disappointed:

Hi, when I run repeater in Burpsuite I obtain the following error:

SyntaxError: Unexpected token 

   at Object.parse (native)
   at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
I have followed all the instructions to get the reverse shell but at the last step fail ...

Finally got it. I didn’t notice the a few details in the user folder. As they’ve already said: Keep an eye on the clock.

with so many hints no one got the privilege to ask for another hints .
pretty easy machine

Hey guys, i’m doing the privesc on the box, and i get root. Then a couple min later the box stops responding when i attempt to exec a command (cat /root/root.txt). Would someone be willing to DM me. I’d like to make sure i’m looking at the right thing for privesc.

I just managed to get root.txt on Celestial, but I’m not exactly sure how it worked even though I have a general idea. Would someone mind DM’ing me? Thanks

Hey, just to help with privesc a little, there is no need to know EXACTLY what is going on and how, just enumerate well, look closely and DOIT :slight_smile:

I stole user.txt without shell. Now I work for shell and privilege escalation.

Can someone help me out in dm for getting the initial shell on this one? do we have to have nodejs installed?

@securityprince said:
Can someone help me out in dm for getting the initial shell on this one? do we have to have nodejs installed?

No you do not. Nothing special is needed for this box.