Jarvis

adelmatrash · July 24, 2019, 11:22am

root@jarvis:~# id; wc -c root.txt
id; wc -c root.txt
uid=0(root) gid=0(root) groups=0(root)
33 root.txt

Cool machine!
Fim de jogo.

adelmatrash · July 24, 2019, 1:22pm

Trying get www-* shell from other ways. Until now I can confirm two different ways to get it.

MalwareMonkey · July 24, 2019, 3:22pm

Rooted. www-* to root was fun. The path to root was interesting with a lot of learning potential for linux sysadmin control features.

There are plenty of hints in this thread to get you through. Once you get your shell it’s straightforward.

Ghost40 · July 24, 2019, 5:10pm

Okay, still working through user. I am having a syntax error. I am using a certain web attack on a room. I can write files to /v**/w**/h***. But when viewing the new file, it shows me the column numbers with my code in the column I used.

I can get a shell with a popular tool, but there are limits to that shell.

Ghost40 · July 24, 2019, 9:16pm

User down. Bad syntax on my part. No creds needed. On to root…

d0n601 · July 25, 2019, 1:54am

Rooted at last.

I spawned one shell from another shell from another shell from another shell from another…

Tip for root: copy your public key into authorized_hosts and just ssh in. I was unable to modify the system administration stuff from my reverse shell. I ssh’d in properly, and the same exact steps worked perfectly.

Edit: Before I logged off the box I saw someone message me on the wall about how I got a particular file into the /tmp folder. Use your kali’s apache server, host whatever files you’d like to be able to transfer on there, and then use wget from your shell on the box.

pourquoi · July 25, 2019, 3:51am

Finally rooted. Great Thanks to @WhiteVoid especially and some others that help me along the way.

krypt0s · July 25, 2019, 6:32am

One shell leads to another leads to another leads to…root.txt
Nice and straightforward box which aside from that one s*******l breadcrumb at the end is quite a life-life setup.

Thanks @manulqwerty and @Ghostpp7 for this one!

Feel free to PM if you’re stuck and looking for a nudge in the right direction.

idomino · July 25, 2019, 8:31pm

I’m super lost with the hint about the rooms… a PM nudge in the right direction would be greatly appreciated.

Ghost40 · July 26, 2019, 12:49am

Sooo back at root. I am in as w**-d***, full tty using python pty. I was working at a certain script owned by p***** that according to s*** I could run. But a few dozen tries with different input/output configurations nothing came up. All led to permission denied or temporary failure in name resolution. Figured I might be in a rabbit hole.

Then I started privilege esc enum again and noticed a certain binary that could be run by another user. Thats where I am stuck, trying to either move to the certain user, or leverage the binary to do what I need it to. Would appreciate a nudge.

Thanks!

Fidget · July 26, 2019, 3:01am

Great box, loved it !

User:
enumeration doesn’t always mean dirb
If you’re being blocked change things…
Know your tools, man is your friend…so is Google!!!
don’t over complicate, keep it simple and when stuck, back to this thread, all the clues are here

Root:
Enumeration, find something that looks unusual, google…google some more, read the thread again.

n1h4x · July 26, 2019, 4:00pm

Hey guys, I am trying to hack jarvis but it seems im totally stuck after the enum… found the p********n page and im totally lost now… I think it’s vuln to LFI but not sure as some exploits didn’t work… any useful nudge where to look? Im new into this

idomino · July 26, 2019, 10:10pm

Type your comment> @idomino said:

I’m super lost with the hint about the rooms… a PM nudge in the right direction would be greatly appreciated.

THANK YOU for those who PM-d me Got the user, now onto the root

nailbit3r · July 27, 2019, 5:03am

Type your comment> @mava said:

Can someone help me a bit?
I got the shell as pr via sr but no wan’t echo any output.
If i type ls, it just shows ls but not the folders.
But I still can use cd, i just have no output for the commands.
Maybe I did something wrong with the privEsc command.
Little Help would be nice.
Thanks

Just exit after giving your commands. Will see the output

Earlybird · July 27, 2019, 10:16am

can someone help me out with jarvis.i got user flag but having trouble with getting access to root flag.how do i start with finding root flag

FailWhale · July 27, 2019, 11:23am

Man im so stuck on s*******.*y, i got it run as the user, but i stumped on escaping the character blacklist. I’ve read the forum posts, but havent been able to find a proper hint for this one, other that to google it, which didnt yield any results

n1h4x · July 27, 2019, 11:36am

any idea why i get banned all the time? I don’t bruteforce -.-

n1h4x · July 27, 2019, 1:03pm

Type your comment> @FailWhale said:

Man im so stuck on s*******.*y, i got it run as the user, but i stumped on escaping the character blacklist. I’ve read the forum posts, but havent been able to find a proper hint for this one, other that to google it, which didnt yield any results

same here

Fidget · July 27, 2019, 1:36pm

Type your comment> @n1h4x said:

Type your comment> @FailWhale said:

Man im so stuck on s*******.*y, i got it run as the user, but i stumped on escaping the character blacklist. I’ve read the forum posts, but havent been able to find a proper hint for this one, other that to google it, which didnt yield any results

same here

Maybe you don’t need to escape…go back through this entire thread, there’s a big clue

FailWhale · July 27, 2019, 2:27pm

Got it now thanks for the help @ixxelles