Carrier

1101113151627

Comments

  • @abishek said:
    i found something via s**p enum ..how to find the username for website login

    What are some common usernames for web interfaces?

    avoidy

  • Got user and RCE. After reading all the "horror" stories for getting root on this box, not going to try unless someone wants to hold my hand :pensive:

    Overall fun box and I'd say has some real world application to it.

    publicist

  • @avoidy said:

    @abishek said:
    i found something via s**p enum ..how to find the username for website login

    What are some common usernames for web interfaces?

    i guessed the most probable ones...but no luck....please inbox me

  • I got into the web interface but i'm currently stuck on what to do next. I tried to use b*** S**** on the diag page but can't figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.

  • @trickb0t said:
    I got into the web interface but i'm currently stuck on what to do next. I tried to use b*** S**** on the diag page but can't figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.

    I can help you get a user flag from here, but I haven't gone any further with this box due to all the nighmares about root :P

    publicist

  • @abishek said:

    @avoidy said:

    @abishek said:
    i found something via s**p enum ..how to find the username for website login

    What are some common usernames for web interfaces?

    i guessed the most probable ones...but no luck....please inbox me

    If you did, then you probably have the wrong password. Did you get information needed from SNMP? If not, do that.

    publicist

  • @abishek said:
    i found something via s**p enum ..how to find the username for website login

    I'm not sure why people are having such a hard time with the username. For educational stuff, it's basically in the doc ;) Did you find anything, like even a PDF? If so, you answer lies there--if still stuck, just do a google search on that "code".

    Second, what is one the the most absolute common logins for admin panels? I can't make it any easier for you from here ;)

    publicist

  • Priv esc is killing me...

  • edited November 2018

    Woohoo privesc progress... thanks to reviewing the info I already have, plus some more enumeration, plus some trivial binary arithmetic.

    Edit: squeeeeeee! I got root! Holy cow that was a lot of learning. It's going to take me a couple of hours to complete my writeup on this one, and I'll be adding to my personal list of useful tools and tips in about 3 different sections. This box was definitely worth trying harder on.

    LegendarySpork

    LegendarySpork

  • Any hints to get root.txt? I do not understand this router :anguished:

    samiux

  • Wow, what a box! After two days of investigation and some hints I was able to figure what was needed. 2 days of continuous learning. As always the needed hints are in this forum.

  • Got root thanks a lot to @breakingthings, very nice mate!!

    Hack The Box

  • is someone avaliable to PM me about privesc??? i have tried several times B** h******* with no success.

  • Could I get some help regarding B** P***** h*****ing, please. I read the "ColoState" page to get an idea about the process, but I am not sure how I can apply it. Cheers!

    Hack The Box
    Discord: AzAxIaL#8633

  • edited November 2018

    Login Bypassed

  • edited November 2018

    move to user :)

  • @AzAxIaL said:
    Could I get some help regarding B** P***** h*****ing, please. I read the "ColoState" page to get an idea about the process, but I am not sure how I can apply it. Cheers!

    Try to find out which configuration decides what you announce and play with it. Also use some tools to watch the traffic going around, to get a better understanding of sent packages.

  • edited November 2018

    Spoiler Removed - egre55

  • @Leakme said:
    the doc.

    Pay close attention to the doc. You have enough information to log in.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • For priv esc, I'm able to t*pd**p after making certain modifications, and I'm able to see requests. What exactly are we looking for?

  • Hi guys,
    I did the login, now I am in the web app, I inspected the code and found "check=" parameter and now I'm blocked. Some hint?

    Hack The Box

  • help please. Logged in into the front end but dir checker didn't help me :confounded:

  • ok, solved user flag. easy peasy :yum:

  • @sherl said:
    ok, solved user flag. easy peasy :yum:

    can you give me a hint? stuck after the login, tried to use the url to get a shell but no idea what to do

  • I found the c***k parameter and used the right encoding but I am still not getting any output or a reverse shell. Can someone PM me?

  • Guys if someone is willing to help, can you PM me.

    I believe i'm getting very close to the final part and believe I have the concept in mind, but just can't seem to put it into action.

    for details: I already hijacked the B** Ro*** with Q*****.

  • @mabunemeh said:
    Guys if someone is willing to help, can you PM me.

    I believe i'm getting very close to the final part and believe I have the concept in mind, but just can't seem to put it into action.

    for details: I already hijacked the B** Ro*** with Q*****.

    I'm in the same position!
    If someone could please discuss via PM, i'd be extremely grateful :D

  • Is it supposed to take a while after we've made the necessary change for continuing priv esc? I think I've done what I'm supposed to, but I'm not receiving traffic and it looks like the network is propagating through the wrong interface

  • Priv esc was an absolute brain**** but rooted thanks to help from @ZaphodBB and @Rantrel

  • Is anyone available to share a bit of guidance with privexec on this host. Unfortunately, my skill set in the needed area is a bit lacking and would I like to get a better grasp. I've read the documentation and understand the concept but I'm a bit lost on the actual implementation. Any feedback would be sincerely appreciated.

Sign In to comment.