Carrier

Comments

  • I got this box in the end! Although I did find it surprisingly difficult.

    If anyone happens to know what the secret data file was all about I would be interested to know.

  • Does anyone know when this machine is going to be retired?

  • @andy The secret data file was nothing, just a little easter egg I put in there

  • amazing box, thanks @jkr for a lot of help and patience

  • edited February 2019

    Rooted :)
    Root was difficult. It is like insane for me.

  • I got User.txt but I'm stuck on priv escalation. Guide me, brothers.

  • @aungkyawphyo said:
    I got User.txt but I'm stuck on priv escalation. Guide me, brothers.

    Remember the info graph and think about how you need to deal with a setup like that!

  • Hello, can someone please give me some hints about root? I've got the reverse shell, looked at the ip routes but I can't think about a "game plan"... any hint is allowed :)

  • @D3f3nd3r said:
    I get this error message:
    "bash: cannot set terminal process group (801): Inappropriate ioctl for device
    bash: no job control in this shell
    bash: 0: No such file or directory"
    I tried many times; I don't know what I am doing wrong.

    I've seen that a few times. Sometimes I have to try a different reverse shell technique or list the full path of the programs I'm using to attain the reverse shell. Try to locate where the tool you'd like to use is, then list the full path to it vs. just calling the tool by name.

    d3v1ant

  • edited February 2019

    got root originally but not the right way.

    edit: thanks to a number of individuals who pointed me in the right direction to do it the right way.

    also this link helped, once you understand the service you can unmask the stars https://www.nongnu.org/q*****

    really learnt something from this box, so it gets my vote!

  • I got a root shell but can only see user.txt. Is there something I'm missing?

  • Off topic: that box brought me to gns3 and Cisco routers. I recommend watching videos about gns3 after you've finished the box; it's very interesting.

    peek

  • can somebody help me with root - i'm a little bit lost with the network stuff and don't know where to start with my research...

    Arrexel

  • Hey guys, total noob here. Have been trying to get user.txt on this box and am stuck on the RCE. If anyone could PM hints or suggest resources to help me learn basics of RCE it would be greatly appreciated. Thank you all and happy hacking!

  • Can someone please DM me for a sanity check? I had user a long time ago and took a break when I was struggling with root. I cannot get my low priv shell to pop again to save my life!

  • I see some people are finding a 'simple' port in their nmap scans, but every time I scan for 1** it comes back as closed, even straight after a reset.

    Xess

  • Ok. I do not get it. I changed the b** configuration. I do get F** traffic to the corresponding host. But no credentials came by. Am I missing something?

    Hack The Box

  • Need help: I successfully logged in to the admin panel but need a hint about what to do to get user.txt by "check".

  • The most useful advice I could give here about privilege escalation is to enumerate the service everyone's referring to and look at some YouTube clips regarding b** h******* to get familiar with the commands and v***** interface. Also, it took me days to figure out that nc can't simulate an *** daemon, so you'll have to set up one yourself or do manual responses with nc like someone already advised; personally I used a Python script I found on GitHub. A tough box, but I learned lots of stuff about networking! Next step is to find a decent book to get a bit more familiar with this stuff; any recommendations someone might have would be welcome.

    All I can say is, if you believe you know the privilege escalation attack vector and are sure of it, keep trying; you'll get to it eventually.

    Also look at s4rgey's comment.

  • edited February 2019

    Before I go down a rabbit hole, can I get the s***** number I'm looking for by enumerating s**p? I've tried some basics and I'm getting nothing more than an IP back.

    scratch that - found it. Misusing tools :)

    ipbsec

  • Can I get a hint on how to proceed? I have web login, I've gathered some network info from the tickets page but nothing seems to live on any of the /24s. I've read there's a CVE and have found some candidates, but I believe I need a shell first. I can't find any mechanism to upload a file or kick off any processes in the PHP pages. I know I'm missing something, I'm just not sure what!

    ipbsec

  • I need some help on the reverse shell command. I've figured out RCE but cannot for the life of me find a working reverse shell command.

  • edited February 2019

    -deleted- Just machine unstable

  • I need a little hint... I'm not sure if I'm stuck in a rabbit hole. I got user and now working on root. Is it safe to assume that I need a shell on carrier to get root?

  • edited February 2019

    To start off, I'm new to the hacking scene; I've got a lot of networking and some programming with me going into this! I'm pretty stuck at the moment, I would say! I did get user pretty fast with the hints on the forum, but I've got real problems with the b** (familiar and have worked with the protocol) stuff. At the moment I don't see a way forward; I have read the configuration multiple times and tried some stuff to route the traffic to me, but nothing has worked... This might be due to me not having worked with Kali that much and all of its capabilities, but what would I know! I would love some hints/tips from the experts on here! :)

  • @GeorgieH10 said:

    To start off, I'm new to the hacking scene; I've got a lot of networking and some programming with me going into this! I'm pretty stuck at the moment, I would say! I did get user pretty fast with the hints on the forum, but I've got real problems with the b** (familiar and have worked with the protocol) stuff. At the moment I don't see a way forward; I have read the configuration multiple times and tried some stuff to route the traffic to me, but nothing has worked... This might be due to me not having worked with Kali that much and all of its capabilities, but what would I know! I would love some hints/tips from the experts on here! :)

    1. you mainly need to figure out b** h***** method, ask Pakistan
    2. linux network commands

    peek

  • @peek said:

    @GeorgieH10 said:

    To start off, I'm new to the hacking scene; I've got a lot of networking and some programming with me going into this! I'm pretty stuck at the moment, I would say! I did get user pretty fast with the hints on the forum, but I've got real problems with the b** (familiar and have worked with the protocol) stuff. At the moment I don't see a way forward; I have read the configuration multiple times and tried some stuff to route the traffic to me, but nothing has worked... This might be due to me not having worked with Kali that much and all of its capabilities, but what would I know! I would love some hints/tips from the experts on here! :)

    1. you mainly need to figure out b** h***** method, ask Pakistan
    2. linux network commands

    Thanks Peek! Yeah, I read about it before my last post. I believe I understand it as well, and I have tried to figure out how to practically apply what I've read in this scenario, but without any luck. Could you point me in the right direction: documentation on how to do it, what is needed on the attacker side (my own b** a*?, specific r***s?, p***y server? and so on...)? I think that the main problem is the methodology to actually carry it out.

  • I'm in the same spot as @GeorgieH10: I can execute commands and get results but can't get an interactive shell. I would expect I need a shell to start changing b** config using their tty utility, but I'm obviously missing something. I'm curious what other people have done.

  • I don't think that you are at the same step. PM me.

    peek
