i got a shell… theres no user.txt in ~ even after reset. is it supposed to be that way?
It’s not always the case that theuser.txt
is in~
. I’ve seen cases where the file is located in~/Desktop/
or~/Documents/
. I think it’s just thatuser.txt
won’t be anywhere too far away from~
.
If anyone needs a little nudge, feel free to PM me
okay so edited the file and got the root shell. can someone pm me/reply what actually triggered the file? still kinda confused
i need little bit help with priv esc …i found python script and txt file in home dir
@eransh10 said:
Ok - first - this may be a spoiler so take it into consideration.
Now - I managed (using burp suite) to fin the following: “username”:““,“country”:”“,“city”:”“,“num”:””
Question is - where do I enter this username and these creds? ?
i have this,but now what,i thnik i have the id,now how i can send this to the request.
I have the Json,but now what?,can i send this with bursp?
Need help with the Payload! Please PM me.
@Pisedoff @Killll Just type on google Node JS exploit ,you will found a good resurse ,and try to use a python tool for regenerate payload
After getting the user flag I am struggling to stay connected to Celestial server. Is there anything I can do to improve stability on my my connection with this ■■■■■■ server?
once you have enumerated enough
patience is the key with this one with priv esc !!
If you are getting “An error occurred…invalid username type” named error message, you can try to listener method. and hint priv. esc. ??
Anyone got a hint on editing the file that writes to the other file? Can’t get the command to run properly when the time rolls round again?
@svensen said:
Anyone got a hint on editing the file that writes to the other file? Can’t get the command to run properly when the time rolls round again?
I wrote the file on my local machine, put in on the RHOST. I managed to go from boot to root in 1 hour 20 mins, very happy with this box.
Got root flag. Can someone pm and explain why I had to edit that thing? i.e. where was the thing being called? I feel like I knew what to do the whole time, and eventually just guessed and got it but didn’t learn anything in priv esc.
Anyone able to PM on where I may be going wrong here with response to my payload:
SyntaxError: Unexpected token
at Object.parse (native)
at Object.exports.unserialize (/home/sun/node_modules/node-serialize/lib/serialize.js:62:16)
at /home/sun/server.js:11:24
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at next (/home/sun/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/home/sun/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/home/sun/node_modules/express/lib/router/layer.js:95:5)
at /home/sun/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/home/sun/node_modules/express/lib/router/index.js:335:12)
at next (/home/sun/node_modules/express/lib/router/index.js:275:10)
Any Help much appreciated!
Ignore, got it.
If you need a hint check out /var/log/syslog
Just got user and root both in two hours, this is one of the easiest box, i am not able to understand why deren rook made such an easy box, atleast the privesc should have had something