Carrier


Comments

  • edited January 2019
    Got user, but I’m not sure if that’s where the flag was supposed to be.... found it when I was doing RCE. Was it in the root directory of the RCE vulnerability? Or did I just catch a break from someone else’s clever scripting?

    Hopefully this isn't a spoiler. Just trying to grab user the intended way and not from someone else's work.

    Thanks

    EDIT: Never mind. Just checked the date on the file and I’m good.

    d3v1ant

  • I get this error message:
    "bash: cannot set terminal process group (801): Inappropriate ioctl for device
    bash: no job control in this shell
    bash: 0: No such file or directory"
    I tried many times. I don't know what I am doing wrong.

  • Before getting root I thought that it was necessary to be a CCNP to carry out the necessary attack.
    But afterwards I see that CCNA is quite enough. It is not necessary to study the network protocol you attack in detail.
    Just several simple steps and the attack completes automatically.

    I cannot imagine where you can get an error like "bash: cannot set terminal process group ..."

    tabacci

  • I got this box in the end! Although I did find it surprisingly difficult.

    If anyone happens to know what the secret data file was all about I would be interested to know.

  • Does anyone know when this machine is going to be retired?

  • @andy The secret data file was nothing, just a little easter egg I put in there

  • excellent box. love it.

    HE4DTR1P

  • amazing box, thanks @jkr for a lot of help and patience

  • edited February 2019

    Rooted :)
    Root was difficult. It is like insane for me.

  • I got User.txt but I am stuck on priv escalation. Guide me, brothers.

  • @aungkyawphyo said:
    I got User.txt but I am stuck on priv escalation. Guide me, brothers.

    Remember the info graph and think about how you need to deal with a setup like that!

  • Hello, can someone please give me some hints about root? I've got the reverse shell, looked at the ip routes but I can't think about a "game plan"... any hint is allowed :)

  • @D3f3nd3r said:
    I get this error message:
    "bash: cannot set terminal process group (801): Inappropriate ioctl for device
    bash: no job control in this shell
    bash: 0: No such file or directory"
    I tried many times. I don't know what I am doing wrong.

    I've seen that a few times. Sometimes I have to try a different reverse shell technique or list the full path of the programs I'm using to attain the reverse shell. Try to locate where the tool you'd like to use is, then list the full path to it vs. just calling the tool by name.

    d3v1ant

  • edited February 2019

    Got root originally but not the right way.

    Edit: thanks to a number of individuals who pointed me in the right direction to do it the right way.

    Also this link helped; once you understand the service you can unmask the stars https://www.nongnu.org/q*****

    really learnt something from this box, so it gets my vote!

  • I got root shell but can only see user.txt, is there something I'm missing?

  • @Silky said:
    I got root shell but can only see user.txt, is there something I'm missing?

    Lots. :)

    HE4DTR1P

  • Off topic: that box brought me to GNS3 and Cisco routers. I recommend watching videos about GNS3 after you have finished the box, it's very interesting.

    peek

  • Can somebody help me with root? I'm a little bit lost with the network stuff and don't know where to start with my research...

  • @peek said:
    Off topic: that box brought me to GNS3 and Cisco routers. I recommend watching videos about GNS3 after you have finished the box, it's very interesting.

    Dynamips is better. The GNS3 GUI was a resource hog the last time I used it. Dynamips doesn't have the GUI. If you can get your hands on Cisco software it's an excellent resource for studying for CCNP R/S. That's how I did it back in the day. You can do SOME CCNP Security topics with it, but not everything. Anyway, great learning tool and great way to lab up networking scenarios from time to time. That being said, GNS3 will do the job; it just comes down to GUI or no GUI.

    HE4DTR1P

  • Hey guys, total noob here. Have been trying to get user.txt on this box and am stuck on the RCE. If anyone could PM hints or suggest resources to help me learn basics of RCE it would be greatly appreciated. Thank you all and happy hacking!

  • Can someone please DM me for a sanity check? I had user a long time ago and took a break when I was struggling with root. I cannot get my low priv shell to pop again to save my life!

  • I see some people are finding a 'simple' port in their nmap scans.. but every time I scan for 1** it comes back as closed, even straight after a reset..

    Xess

  • Ok. I do not get it. I changed the b** configuration. I do get F** traffic to the corresponding host. But no credentials came by. Am I missing something?

    Hack The Box

  • Need help: I successfully logged in to the admin panel but need a hint about what to do to get user.txt by "check".

  • The most useful advice I could give here about privilege escalation is to enumerate the service everyone's referring to and look at some YouTube clips regarding b** h******* to get familiar with the commands and v***** interface. Also, it took me days to figure out that nc can't simulate an *** daemon, so you'll have to set up one yourself or do manual responses with nc like someone already advised; personally I used a Python script I found on GitHub. A tough box, but I learned lots of stuff about networking! Next step is to find a decent book to get a bit more familiar with this stuff; any recommendations someone might have would be welcome.

    All I can say is, if you believe you know the privilege escalation attack vector and are sure of it, keep trying; you'll get to it eventually.

    Also look at s4rgey's comment.

  • edited February 2019

    Before I go down a rabbit hole, can I get the s***** number I'm looking for by enumerating s**p? I've tried some basics and I'm getting nothing more than an IP back.

    Scratch that - found it. Misusing tools :)

    ipbsec

  • Can I get a hint how to proceed? I have web login, I've gathered some network info from the tickets page but nothing seems to live on any of the /24s. I've read there's a CVE and have found some candidates but I believe I need a shell first. I can't find any mechanism to upload a file or kick off any processes in the PHP pages. I know I'm missing something, I'm just not sure what!

    ipbsec

  • I need some help on the reverse shell command. I've figured out RCE but cannot for the life of me find a working reverse shell command.

  • edited February 2019

    -deleted- Just machine unstable

  • I need a little hint... I'm not sure if I'm stuck in a rabbit hole. I got user and am now working on root. Is it safe to assume that I need a shell on carrier to get root?
