Celestial hint

;-; whyz you needz hintz

when ever i am running the exploit i am getting
An error occurred…invalid username type

why is it so can you help me

nvm got it

@stevv said:
when ever i am running the exploit i am getting
An error occurred…invalid username type

why is it so can you help me

Feel free to PM me - I’ll try to help debug it with you

Hi everyone,
I try to get the user’s flag via the cookie to inject system commands but without success.
I get this page:
“Hey Dummy undefined + undefined is NaN”
I think it’s a syntax error but I’m not sure.
Can anyone PM me to debug this with me please ?

@stevv said:
when ever i am running the exploit i am getting
An error occurred…invalid username type

why is it so can you help me

nvm got it

I am stuck on that bit, could you PM me what you changed? I think I’m missing something obvious

can someone help me here in the last step of priv escalation but not getting the s**** back but when i manually run it its getting a connection back

Hi all, I’m sending the exploit correctly, however I don’t seem to be getting a response, any tips, PM me?

if somebody needs any help pm me

@xtech said:

@s2233 said:
Waiting 5 minutes wouldn’t be so bad if the box could stay up for more than 5 minutes at a time…

yeah wait 5 min but how about someone changes your script to a reverse shell in these minutes, deleting your script and crashing the server :-1:

Hey @xtech I 100% agree with you. That is something I personally had not considered when designing the priv esc. It definitely makes things trickier in the free HTB environments. I can’t undo the damage in this case unfortunately, but I definitely have a solution to prevent a poor design choice like this should I use a similar technique for a challenge in the future.

I really appreciate you speaking up about that issue, it forced me to really think about the design of machines for HTB, and come up with a better way to implement something like that later on.

@s2233 said:

Hey @xtech I 100% agree with you. That is something I personally had not considered when designing the priv esc. It definitely makes things trickier in the free HTB environments. I can’t undo the damage in this case unfortunately, but I definitely have a solution to prevent a poor design choice like this should I use a similar technique for a challenge in the future.

I really appreciate you speaking up about that issue, it forced me to really think about the design of machines for HTB, and come up with a better way to implement something like that later on.

yeah i knew the solution to get root but waited for the next day to execute it due to that guy who kept changing my script. However, the user exploit was good. Anyway, thanks for your contribution :slight_smile:

Hi , I am terribly new I got how to use burp. But I keep getting the invalid username.

Please PM me with a point in the right direction.

@muckitymuck said:
Hi , I am terribly new I got how to use burp. But I keep getting the invalid username.

Please PM me with a point in the right direction.

Coffee break and comeback :+1:

Still struggling on my 3rd day with this machine…hmm…still at getting user flag - got the payload but keep getting http error code 500 - unexpected token - even though i send the user etc in the payload request - any hints please PM me, thanks.

any tip for celestial exploit?

Having some difficulty with the Celestial payload. If someone could PM me, I would appreciate it.

Just got this. If anyone needs a nudge, feel free to PM me. :slight_smile:

goot root, nice box :wink:

Hello Friends

I already found the file that is refreshed every 5 but my question is how to get a root shell, if you could give me a hint.

Hi, there,

Some hint for the root shell

Just finished this one - that was a fun one, especially for a first-time n00b like me.

My generic tips :

  • Watch your newline characters!
  • Keep the two bits you need to stop you from getting errors, discard the rest, add payload
  • Once you’re in keep an eye out for permissions on files, and things that look similar inside

Good luck :slight_smile: