Jarvis

WobbelyWasp · August 9, 2019, 5:05pm

Finally rooted! I like the box and learned a lot!

Gn0m3h4ck3r · August 10, 2019, 6:52am

root@jarvis:/#

Anyone having issues with it, message me. I will give you some decent hints as I ran into all the bugs and all the rabbit holes that you can think of. Googled the right things with the wrong answers. Learnt quite a bit though so atleast theres that.

Thanks to @fr4nkln for the nudges and the fault finding help.

Tugzen · August 10, 2019, 3:11pm

ı get the w**-da user and need to pric to p****r user.I found the cript s***.py and understand that need to priv the p**g command utility to get the user.Basicly,I am using “;” but the script catches me.I also looked internet but couldn’t anything else about this utility.Please PM me,I stcuked in this part.Thanks!

t00rmund · August 10, 2019, 5:08pm

Just owned user! Thank you to @trollzorftw for the nudge. Quick tips:

who you run something as is just as important as what you run
google is your friend on finding ways to escape forbidden characters. Spend enough time and get that money!

doates12 · August 10, 2019, 8:48pm

I finally was able to root this box and it was my first time actually completing one. It took a lot of me banging my head against the wall and googling and then having to google things to understand what I googled. When trying to exploit s******.*y I saw a lot of people saying to google bypassing forbidden characters and so I did, but so help me god I could not figure that hint out to save my life! if someone that did find out how to do it wouldn’t mind sending me a PM with how you did it I am really curious to see what I was missing.

Also for those of you that are in the same boat that I currently am and cant figure out how to bypass the characters I can say there is a way to do it without using any of those characters. The hint I would give you for the way I did it is to take a look at the link about InfoBlox Netmri that many other people have linked in the forum and to read it from top to bottom, you only need to really use a small part of it but you might miss it if you’re skimming.

Anyone who needs help feel free to PM me and I’ll do my best with what I know!

Tugzen · August 11, 2019, 12:18pm

Type your comment> @Tugzen said:

ı get the w**-da user and need to pric to p****r user.I found the cript s***.py and understand that need to priv the p**g command utility to get the user.Basicly,I am using “;” but the script catches me.I also looked internet but couldn’t anything else about this utility.Please PM me,I stcuked in this part.Thanks!

I got the User

Luckyster895 · August 11, 2019, 2:42pm

Owned user if any one need help with user ping me .
Need help with root

walksthewires · August 12, 2019, 3:16am

Hey guys, as so many I am struggling to make use of the s******.y functionality. I have access via the obvious easy-to-get shell as 'w*-***', and I can see where the above mentioned function writes its stuff to and also how it might be exploited to get to user.txt, yet where to “activate” it it, or how? Sometimes it writes stuff (automated tool), whereas manual tests go unnoticed? Any PM would be appreciated. Cheers WtW

strudwick · August 12, 2019, 2:12pm

Trying to get root. Need a nudge. PM me. Thanks

PonderNG · August 12, 2019, 4:34pm

Finally rooted this box, and it was really fun! Proper enumeration does make things straightforward, but for me, getting the shells still required fiddling with things and learning some new stuff. Wish I could have found a way to use the filtered characters like some people in the forums alluded to, instead I just used other ones that weren’t a problem.

Dark0 · August 12, 2019, 6:04pm

.

Tugzen · August 12, 2019, 7:41pm

working for root.Understood the way that I have to manipulate s******l.

I create a service under a folder which can give me a root reverse shellibut when I try to enable it via I got an error that no such file or directory.I couldn’t pass it.Can anyone sed me a hint please?Thanks

Tugzen · August 12, 2019, 8:49pm

Type your comment> @Tugzen said:

working for root.Understood the way that I have to manipulate s******l.

I create a service under a folder which can give me a root reverse shellibut when I try to enable it via I got an error that no such file or directory.I couldn’t pass it.Can anyone sed me a hint please?Thanks

nevermind,I got it.

saminskip · August 13, 2019, 7:13am

Rooted! Had some issues with root but got the syntax in the end. Hit me up for help!

swaim · August 13, 2019, 7:07pm

If u need the hand, pm me!

Dalle27 · August 13, 2019, 8:42pm

is the right place / r**m.php?c*d=1 to get a shell ??

coryshawty · August 14, 2019, 5:05pm

Finally rooted. Learned a lot from this box. It’ll be nice to read the writeups on this box now to understand everything even more. User was pretty straightforward, root took a little researching for me to understand what to do.

Luckyster895 · August 15, 2019, 5:51am

Type your comment> @AMATOL15 said:

Very nice Box
Rooted, PM me if stuck.

@Dalle27 said:
is the right place / r**m.php?c*d=1 to get a shell ??

yes

deLjke · August 15, 2019, 2:07pm

Type your comment> @deviate said:

Type your comment> @JepFrenzel said:

I found the p**n page and the r.php?= page which both seem relevant, but I can’t figure out what to do. Can someone point me in the right direction? I’m pretty much a noob.

I’d suggest reviewing ippsec videos. You’ve found a few pretty interesting things. If you don’t know how to get farther, you’ll learn a lot from just watching those videos.

What video do you mean?

mx64 · August 15, 2019, 3:46pm

the s*****.py file is it in An-U****s .