Celestial hint

I got a shell… there's no user.txt in ~ even after reset. Is it supposed to be that way?

It’s not always the case that the user.txt is in ~. I’ve seen cases where the file is located in ~/Desktop/ or ~/Documents/. I think it’s just that user.txt won’t be anywhere too far away from ~.

If anyone needs a little nudge, feel free to PM me

Okay, so I edited the file and got the root shell. Can someone PM me/reply with what actually triggered the file? Still kinda confused.

@mxchai said:
If anyone needs a little nudge, feel free to PM me

BTW, got it. Thanks!

I need a little bit of help with priv esc… I found a Python script and a txt file in the home dir.

@eransh10 said:
Ok - first - this may be a spoiler so take it into consideration.
Now - I managed (using Burp Suite) to find the following: “username”:““,“country”:”“,“city”:”“,“num”:”
Question is - where do I enter this username and these creds?

I have this, but now what? I think I have the ID; now how can I send this to the request?

I have the JSON, but now what? Can I send this with Burp?

Need help with the Payload! Please PM me.

@Pisedoff @Killll Just type “Node JS exploit” into Google; you will find a good resource. Then try to use a Python tool to regenerate the payload.

After getting the user flag I am struggling to stay connected to the Celestial server. Is there anything I can do to improve the stability of my connection with this ■■■■■■ server?

Once you have enumerated enough

Patience is the key with this one for priv esc!!

@sh4nk I use LinEnum.sh… but I don't see anything interesting… maybe I need some documentation.

Check for scheduled tasks @T3jv1l… there’s something suspicious being executed.

If you are getting the “An error occurred…invalid username type” error message, you can try the listener method. And a hint for priv. esc.??

Anyone got a hint on editing the file that writes to the other file? Can’t get the command to run properly when the time rolls round again?

@svensen said:
Anyone got a hint on editing the file that writes to the other file? Can’t get the command to run properly when the time rolls round again?

I wrote the file on my local machine and put it on the RHOST. I managed to go from boot to root in 1 hour 20 mins, very happy with this box.

Got root flag. Can someone pm and explain why I had to edit that thing? i.e. where was the thing being called? I feel like I knew what to do the whole time, and eventually just guessed and got it but didn’t learn anything in priv esc.

Anyone able to PM on where I may be going wrong here with response to my payload:

SyntaxError: Unexpected token

at Object.parse (native)
at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
at /home/sun/server.js:11:24
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at next (/home/sun/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/sun/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at /home/sun/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/sun/node_modules/express/lib/router/index.js:335:12)
at next (/home/sun/node_modules/express/lib/router/index.js:275:10)

Any Help much appreciated!

Ignore, got it.
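
The stack trace above shows server.js passing request data to node-serialize's `unserialize()`. As an added example (not part of the thread and not the box's code), here is one way a handler could accept the same profile fields with `JSON.parse` and a strict schema. The field names come from the thread; the function name `parseProfile`, the length limits and the digits-only rule for `num` are assumptions.

```javascript
// Added example: data-only parsing of a client-supplied profile.
// Field names are the ones quoted in the thread; limits are assumed.
const FIELDS = ['username', 'country', 'city', 'num'];
const MAX_RAW = 1024; // assumed cap on the raw string
const MAX_LEN = 64;   // assumed cap per field

function parseProfile(raw) {
  if (typeof raw !== 'string' || raw.length > MAX_RAW) {
    return { ok: false, error: 'profile must be a short string' };
  }
  let data;
  try {
    data = JSON.parse(raw); // yields plain data, never revives functions
  } catch (e) {
    return { ok: false, error: 'malformed JSON' };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'profile must be a JSON object' };
  }
  // Exactly the expected keys: no extras (including "__proto__"), none missing.
  const keys = Object.keys(data);
  if (keys.length !== FIELDS.length || !FIELDS.every((k) => keys.includes(k))) {
    return { ok: false, error: 'unexpected or missing field' };
  }
  const profile = Object.create(null); // no prototype to pollute
  for (const k of FIELDS) {
    const v = data[k];
    // Nested objects or arrays are rejected here, before any further use.
    if (typeof v !== 'string' || v.length > MAX_LEN) {
      return { ok: false, error: `invalid ${k} type` };
    }
    profile[k] = v;
  }
  if (!/^\d{1,10}$/.test(profile.num)) {
    return { ok: false, error: 'num must be digits' };
  }
  return { ok: true, profile };
}

// Constructed sample inputs (not captured from the box).
const samples = [
  '{"username":"alice","country":"NL","city":"Utrecht","num":"2"}',
  '{"username":{"nested":"object"},"country":"NL","city":"Utrecht","num":"2"}',
  '{"username":"alice","country":"NL","city":"Utrecht","num":"2","extra":"x"}',
  '{"username"',
];
for (const s of samples) console.log(parseProfile(s));
```
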

If you need a hint check out /var/log/syslog

Just got user and root both in two hours. This is one of the easiest boxes; I am not able to understand why deren rook made such an easy box. At least the privesc should have had something :frowning: