Celestial hint

@Teryx said:
Spoiler Removed - Arrexel

PM me

Rooted. The priv esc on this is similar to Bashed you just have to wait :wink:

This was quite a fun and interesting box to pop :-).

I thinks some guys see version of kernel and tried exploit → crash or he tried wrong payload for running service. Priv Esc is easy as cake if you find the right way.

Rooted. But need a pointer. I knew what to edit since there was a file constantly changing. But i did this blindly (i.e., o suspected of that file, but had nothing solid to go on). Tried to find references to that file but couldn’t.

Can someone DM please? Thanks.

Feel free to PM for help

Spoiler Removed - Arrexel

@rk2311 You’re on the right track. Just find out “what” changes this output.txt file every 5 minutes (if you enumerate a bit more it’ll be obvious), and then you’ll get root easily!

Looks like ,i got the file which changes this output.txt.But on doing vi o the script file,i am not able to edit that existing code.Looks like vi is not behaving properly on my reverse shell terminal.

Any way to fix this.

P.S: Got it (User and root) :slight_smile:

hello…
this is my second machine…
anyone give advice? if you can give advice…
please pm.

I got quite lucky with this box. I found the article online to get me reverse shell and was able to root in within 2 hours. If any needs a hint on this machine, feel free to PM me

i got user on celestial but can’t put together the pieces to priv esc. It seems to have to do something with the txt file on the desktop. pm if you can help

PM if you’re having problems

This has been my favourite box so far! Enjoyed this one. Managed to get root without hints from the forums.

Advice to everyone else looking for root.
Look what files are in the user’s home and who owns them. Think about how they got there.
Dig deeper than a standard ls

Hi, what happens with Celestial? its application is almost always down

Disregard. rooted

@Th3R0ck said:
CyDefUnicorn , look for what is odd in the user’s home directory and figure out how it got there :slight_smile:

Golden tip, thank you! :smiley:

@AWSec said:
Keep getting invalid username :confused: any help on that?

maybe he want the username in the json payload exactly as the original one? :wink:

i need help in error invalid username

Already try the generated payload multiple times, But not able to get reverse shell on this box.
But the generated payload was able to get reverse shell for on my own server.
need some help can anyone PM me?