Jarvis

i need help!!!
i am user p****r, and i have my .se in /t*.

i run:

syl lk $P/.se
sy
**l st ********

and the output:

Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s
e files

Rooted. A straightforward box!

Type your comment> @rubenix said:

i need help!!!
i am user p****r, and i have my .se in /t*.

i run:

syl lk $P/.se
sy
**l st ********

and the output:

Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s
e files

systemctl doesn’t get on well with /tmp folder

Just got root. Learned a lot on this box, especially the privesc.

Can someone help me a bit?
I got the shell as pr via sr but no wan’t echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks :slight_smile:

Can someone help me a bit?
I got the shell as pr via sr but no wan’t echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks :slight_smile:

Hey @mava, maybe you can spawn a new shell from your p******r shell. Just because you don’t see the output doesn’t mean the commands aren’t executing :wink:

check your available programs from your enumeration.

Rooted!
Nice box learned a lot.
Thanks to @v0yager :slight_smile:

Feel free if somebody needs help.

Rooted. Thanks to @BINtendo and @beorn . Let me know if you need any help.

Rooted!
OSCP like machine.

Rooted.

Some hint:
user: like a web pt, there is a classic web vulnerability that you exploit with a known tool in which you can create an os-shell,after then you must study a python script and with a google search (shell escape) you bypass forbidden character;
root : with a classic enumeration tool you find the way; use enable with absolute path and you must sure that your service/script have execution permissions.

Type your comment

Type your comment> @v0yager said:

Can someone help me a bit?
I got the shell as pr via sr but no wan’t echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks :slight_smile:

Hey @mava, maybe you can spawn a new shell from your p******r shell. Just because you don’t see the output doesn’t mean the commands aren’t executing :wink:

check your available programs from your enumeration.

Upgrading Simple Shells to Fully Interactive TTYs - ropnop blog

You should upgrade your shell, to more interactive shell, i think. I did it with python’s pty.

@rubenix said:
i need help!!!
i am user p****r, and i have my .se in /t*.

i run:

syl lk $P/.se
sy
**l st ********

and the output:

Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s
e files
Bthw i got the same issue, not only in /t** dir, but really everywhere. So i think i’m stuck.I will appreciate any help provided)

Type your comment> @LetMeO said:

@rubenix said:
i need help!!!
i am user p****r, and i have my .se in /t*.

i run:

syl lk $P/.se
sy
**l st ********

and the output:

Failed to link unit: No such file or directory
Failed to start ***.s*****e: Unit **.se not found.
Failed to start transient service unit: The name org.freedesktop.PolicyKit1 was not provided by any .s
e files
Bthw i got the same issue, not only in /t** dir, but really everywhere. So i think i’m stuck.I will appreciate any help provided)

read more about s*ctl. it is configured weird so if you know the syntax it will allow you to drop something in the restricted folder.

rooted!!!
any hint, pm
thx for clue

Now that I just rooted the box I am very curious about how the foothold has been performed via PMA or the referenced room as I ‘mapped’ my way in.

Besides that I enjoyed the box being straight forward … enum, spot, research, exploit for all stages.

Thanks!

Hi everyone. reverseoshell more user **** r obtained.Now go to the SYSTEM administrator.
Tanks you all for the suggestions

EDIT: Locked on Po **** k error.any help? pm please

Yay. Got Root. Thanks @bing0o for all the DM help, everyone else for the many many clues in this thread, and whichever user left a copy of the file I needed to copy to get root lying around :wink:

Now just to understand what I actually did :slight_smile:

AA! Rooted!! :slight_smile: if anybody need help, just PM me :slight_smile:

I already red all the hints of this threat , but i’m stuck, i can’t run spy with another user ps , i tried many tricks with sudo and su , but I can’t, Someone has a nudge?