Jarvis

i am quite stuck on the point of the first priv esc… i get a shell as the user i want but the shell dies after a while… any hints how to make it persistent?
PMs are welcome of course.

What a wild ride that was! Absolutely loved it, I feel like I’ve genuinely learnt something from this box.
Many thanks for some of the pointers here, and the creators for producing this.

It looks like I am in need of a pretty in depth description of how to actually exploit s******.p* . This is the first time I have attempted an exploit like this and I am anxious to learn. PM me !

THanks all !

ROOTED

Great box, really liked it.

USER: if you use a tool for enumeration take it to the next level, and not every room is the same.

ROOT: if you enumerate everything it will pop up, just make sure you’ve got a good visual :wink:

@ab3lson said:
Can I get a hint on how to escape the p**g command without using the forbidden characters?

sometimes you can give those characters a call :wink:

I cannot figure out what commands are use to by bypass the script to get to user. googled everything in this thread. Nothing is jumping out to me. Please DM me for help. Thanks!

Earlier I was able to use s********y to read user, but now all my commands seem to be running as www-****?

Rooted. Good box. If anyone touched the low-port service I’d be interested to know how, so if you could PM me that would be great. If anyone needs extra nudges, PM me.

So I know I have seen a lot on here that people’s hint for root is just basic enumeration, however I am still very new and everything I have tried so far has not worked. If someone could give me a nudge as to maybe some enumeration tools I should be using that would be greatly appreciated!

So I am in as p*****r user but I have not been able to get user.txt to open any hints

I think someone deleted the user.txt…

Hi guys, I managed to get user, working on root right now.
I wanted to know if anyone else apart from me experienced issues trying to work out the *.php?=… part. I dunno why but on the browser was working okay but trying it on burpsuite I’d only get 400 bad request response, let me know if you got the same problem.

Rooted, shells within shells within shells… GTFObins was a lifesaver.

Ok so now that I have beat my head against the computer screen for 3 hours, when trying to get root and using Li*****.sh I think I should be looking at Sy*l and Gns but I keep getting a “too few arguments” error. Any help would be greatly appropriated!

SO I have gotten sir.p to send c***s, but I cannot get it to actually run a .*h file. Am I working in the wrong direction?

hi stuck in room. Pls help

Finally got user, looking forward to taking it further to root!

Found this box to be really neat / logical and got from enumeration to foothold without any real missteps which is a first. I identified the interesting thing for getting user, but missed something pretty important about it. Definitely will spend more time running Linux enumeration in the shell next time.

I actually had the correct thing in hand to get user, but was getting something wrong that was small relatively speaking. There was an absolute path forward though, and after trawling through the comments in this thread it reconfirmed I had the correct approach and that got me to the finish line.

I friggin’ love this box so far.

Very nice Box
Rooted, PM me if stuck.

This machine was absolutely awesome! Got user and root and learned a lot. Thank you to robertwhite98 for pointing to the right direction.
If you need a nudge, let me know.

Fun box :smile: