Carrier

Comments

  • OMG stop brute forcing this box, I can't even get gobuster to run for 15 seconds due to performance issues. 95% are not bruteforce.

  • Could someone please send me a hint about the RCE. Thanks!

  • @AlexanderNagy said:
    Could someone please send me a hint about the RCE. Thanks!

    if your login has been successful, analyze the only point which "executes" something...

  • Stuck at privilege escalation for so long. Can someone point me in the right direction?

    MrR3boot
    Learn | Hack | Have Fun

  • @MrR3boot said:
    Stuck at privilege escalation for so long. Can someone point me in the right direction?

    same

  • Is there anyone else suffering from the machine's instability? I am in the VIP zone, but after resetting the machine, ports are not opening even after 5 minutes. Is this normal? On the other hand, that UDP port should be working correctly, but even though I tried enumeration with 3 different tools and msf aux modules, I couldn't get any information (connected but no info). Is this normal, and must we play with public-private settings (you know what I mean, c******ty)? Thanks in advance.

    Wainright

  • @Wainright said:
    Is there anyone else suffering from the machine's instability? I am in the VIP zone, but after resetting the machine, ports are not opening even after 5 minutes. Is this normal? On the other hand, that UDP port should be working correctly, but even though I tried enumeration with 3 different tools and msf aux modules, I couldn't get any information (connected but no info). Is this normal, and must we play with public-private settings (you know what I mean, c******ty)? Thanks in advance.

    I know that if you enumerate the wrong c*******y you get a timeout error.

    Enumerating the right one doesn't give you back tons of info, just the one you need.

    Hack The Box

  • Why is the SNMP port now closed? Is it supposed to be?

  • @badman89 said:
    Why is the SNMP port now closed? Is it supposed to be?

    I think the box is just too crowded or fuk'd up somehow atm. I have had troubles since yesterday with it.

  • OK, managed to get user.txt and a shell as the root user. However, I'm not sure where root.txt is, or what to do next. Any clues?

    Parttimesecguy

  • Can anyone point me kinda in the right direction after logging-in?

    center

  • For the root flag, do I need pivoting?

  • I only got user.txt so far, and from what I can tell... seems like, we are in only one of the containers within a multitude of containers (that horror).............................

    I think I know why this box is called carrier... (that horror again)........................

    wilsonnkwanl

  • KyyKyy
    edited September 2018

    @Center said:
    Can anyone point me kinda in the right direction after logging-in?

    Would appreciate a hint too...

    EDIT:
    Now needing help to form a rev shell
    EDIT2:
    Rev shell obtained, working on root.

  • @wilsonnkwan said:

    I think I know why this box is called carrier... (that horror again)........................

    I think I have the same suspicion as you and it is breaking my heart...

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @dragonitesec said:

    @AlexanderNagy said:
    Could someone please send me a hint about the RCE. Thanks!

    if your login has been successful, analyze the only point which "executes" something...

    In hindsight this is a very, very useful tip. I wish I'd seen it earlier......

    TazWake

  • Anyone know if you have to b** something with a q to another box?

    cslatt05

  • Just look at the routing table. :scream:

  • I got user. And I got a private key. However when I try to ssh in, it asks me for a password. I assume the key has a password on it as well?

    Dumb question - BUT IM LEARNING :bleep_bloop:

    Hack The Box

  • @Underworld said:
    I got user. And I got a private key. However when I try to ssh in, it asks me for a password. I assume the key has a password on it as well?

    Dumb question - BUT IM LEARNING :bleep_bloop:

    The private key you have is not exactly in the Carrier IP.
    Check ifconfig on the machine..

  • Who knows networking well and got root using only B**?

  • @AuxSarge said:

    @opt1kz said:
    I just started poking at it, so I'm still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

    Thank you for this. I have been scratching my head for too many minutes.

    @taytay said:

    @0xlc said:

    @taytay said:
    struggling to even get user. any help would be appreciated :) thanks

    Did you find the doc? It seems we need to get the default user/pwd from the chassis, but enumerating with common tools and wordlists didn't work out for me.

    I have found a few documents, yes, but I'm still not able to find any chassis that it refers to. I'll PM you.

    same boat

  • hint on login creds..?

  • KyyKyy
    edited September 2018

    Hints for the reverse shell? I am able to execute commands but no luck getting reverse shell. It shuts down the connection always instantly...

  • @sakyb said:
    hint on login creds..?

    something on some open ports... NOT on the TCP range

    wilsonnkwanl

  • @Kykli said:
    Hints for the reverse shell? I am able to execute commands but no luck getting reverse shell. It shuts down the connection always instantly...

    try a different rev shell ;)

    Hack The Box

  • @0xlc said:

    @Kykli said:
    Hints for the reverse shell? I am able to execute commands but no luck getting reverse shell. It shuts down the connection always instantly...

    try a different rev shell ;)

    Have tried so many ways already and nothing is working :astonished:

  • any hint after rce ..? got the Shell!

  • @sakyb said:
    any hint after rce ..? got the Shell!

    Same boat.

    Found some IPs and found a service running on one of the IPs. Logged in to the service, but there is nothing. Any hint...?

  • Hint for everyone looking for privilege escalation tips: If you enumerate the LAN, you'll find several other nodes. You'll notice they all have the same service running on them. That service, plus the original value of the parameter from the RCE step, plus the diagram you found during enumeration... A bit of Googling with these things in mind should lead you to an attack vector.

    opt1kz
    https://i.imgur.com/4jXzPqJ.png
    404 Friend Not Found
