I got into the web interface but i'm currently stuck on what to do next. I tried to use b*** S**** on the diag page but can't figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.
@trickb0t said:
I got into the web interface but i'm currently stuck on what to do next. I tried to use b*** S**** on the diag page but can't figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.
I can help you get a user flag from here, but I haven't gone any further with this box due to all the nighmares about root :P
@abishek said:
i found something via s**p enum ..how to find the username for website login
I'm not sure why people are having such a hard time with the username. For educational stuff, it's basically in the doc Did you find anything, like even a PDF? If so, you answer lies there--if still stuck, just do a google search on that "code".
Second, what is one the the most absolute common logins for admin panels? I can't make it any easier for you from here
Woohoo privesc progress... thanks to reviewing the info I already have, plus some more enumeration, plus some trivial binary arithmetic.
Edit: squeeeeeee! I got root! Holy cow that was a lot of learning. It's going to take me a couple of hours to complete my writeup on this one, and I'll be adding to my personal list of useful tools and tips in about 3 different sections. This box was definitely worth trying harder on.
LegendarySpork
my badge doesn't work, click on my profile if you want rank and stuff
Wow, what a box! After two days of investigation and some hints I was able to figure what was needed. 2 days of continuous learning. As always the needed hints are in this forum.
Could I get some help regarding B** P***** h*****ing, please. I read the "ColoState" page to get an idea about the process, but I am not sure how I can apply it. Cheers!
@AzAxIaL said:
Could I get some help regarding B** P***** h*****ing, please. I read the "ColoState" page to get an idea about the process, but I am not sure how I can apply it. Cheers!
Try to find out which configuration decides what you announce and play with it. Also use some tools to watch the traffic going around, to get a better understanding of sent packages.
Is it supposed to take a while after we've made the necessary change for continuing priv esc? I think I've done what I'm supposed to, but I'm not receiving traffic and it looks like the network is propagating through the wrong interface
Is anyone available to share a bit of guidance with privexec on this host. Unfortunately, my skill set in the needed area is a bit lacking and would I like to get a better grasp. I've read the documentation and understand the concept but I'm a bit lost on the actual implementation. Any feedback would be sincerely appreciated.
Comments
What are some common usernames for web interfaces?
Got user and RCE. After reading all the "horror" stories for getting root on this box, not going to try unless someone wants to hold my hand
Overall fun box and I'd say has some real world application to it.
i guessed the most probable ones...but no luck....please inbox me
I got into the web interface but i'm currently stuck on what to do next. I tried to use b*** S**** on the diag page but can't figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.
I can help you get a user flag from here, but I haven't gone any further with this box due to all the nighmares about root :P
If you did, then you probably have the wrong password. Did you get information needed from SNMP? If not, do that.
I'm not sure why people are having such a hard time with the username. For educational stuff, it's basically in the doc
Did you find anything, like even a PDF? If so, you answer lies there--if still stuck, just do a google search on that "code".
Second, what is one the the most absolute common logins for admin panels? I can't make it any easier for you from here
Priv esc is killing me...
Woohoo privesc progress... thanks to reviewing the info I already have, plus some more enumeration, plus some trivial binary arithmetic.
Edit: squeeeeeee! I got root! Holy cow that was a lot of learning. It's going to take me a couple of hours to complete my writeup on this one, and I'll be adding to my personal list of useful tools and tips in about 3 different sections. This box was definitely worth trying harder on.
LegendarySpork
my badge doesn't work, click on my profile if you want rank and stuff
Any hints to get root.txt? I do not understand this router
Wow, what a box! After two days of investigation and some hints I was able to figure what was needed. 2 days of continuous learning. As always the needed hints are in this forum.
Got root thanks a lot to @breakingthings, very nice mate!!
is someone avaliable to PM me about privesc??? i have tried several times B** h******* with no success.
Could I get some help regarding B** P***** h*****ing, please. I read the "ColoState" page to get an idea about the process, but I am not sure how I can apply it. Cheers!
Discord: AzAxIaL#8633
Login Bypassed
move to user
Try to find out which configuration decides what you announce and play with it. Also use some tools to watch the traffic going around, to get a better understanding of sent packages.
Spoiler Removed - egre55
Pay close attention to the doc. You have enough information to log in.
For priv esc, I'm able to t*pd**p after making certain modifications, and I'm able to see requests. What exactly are we looking for?
Hi guys,
I did the login, now I am in the web app, I inspected the code and found "check=" parameter and now I'm blocked. Some hint?
help please. Logged in into the front end but dir checker didn't help me
ok, solved user flag. easy peasy
can you give me a hint? stuck after the login, tried to use the url to get a shell but no idea what to do
I found the c***k parameter and used the right encoding but I am still not getting any output or a reverse shell. Can someone PM me?
Guys if someone is willing to help, can you PM me.
I believe i'm getting very close to the final part and believe I have the concept in mind, but just can't seem to put it into action.
for details: I already hijacked the B** Ro*** with Q*****.
I'm in the same position!
If someone could please discuss via PM, i'd be extremely grateful
Is it supposed to take a while after we've made the necessary change for continuing priv esc? I think I've done what I'm supposed to, but I'm not receiving traffic and it looks like the network is propagating through the wrong interface
Priv esc was an absolute brain**** but rooted thanks to help from @ZaphodBB and @Rantrel
Is anyone available to share a bit of guidance with privexec on this host. Unfortunately, my skill set in the needed area is a bit lacking and would I like to get a better grasp. I've read the documentation and understand the concept but I'm a bit lost on the actual implementation. Any feedback would be sincerely appreciated.