Carrier

1202123252628

Comments

  • Type your comment

  • edited February 2019

    To start off I'm new to the hacking scene, i got alot of networking and some programming with me in to this! I'm pretty stuck at the moment i would say! I did get user pretty fast with the hints on the forum, but I've got real problems with the b** (familliar and have worked with the protocol) stuff. At the moment i dont see a way forward, I have read the configuration multiple times and tried som stuff to route me the traffic but nothing has worked... This might be due to me not having worked with kali that much and all of its capabilities but what would I know! I would love some hints/tips from the experts on here! :)

  • Type your comment> @GeorgieH10 said:

    To start off I'm new to the hacking scene, i got alot of networking and some programming with me in to this! I'm pretty stuck at the moment i would say! I did get user pretty fast with the hints on the forum, but I've got real problems with the b** (familliar and have worked with the protocol) stuff. At the moment i dont see a way forward, I have read the configuration multiple times and tried som stuff to route me the traffic but nothing has worked... This might be due to me not having worked with kali that much and all of its capabilities but what would I know! I would love some hints/tips from the experts on here! :)

    1. you mainly need to figure out b** h***** method, ask Pakistan
    2. linux network commands

    peek

  • Type your comment> @peek said:

    Type your comment> @GeorgieH10 said:

    To start off I'm new to the hacking scene, i got alot of networking and some programming with me in to this! I'm pretty stuck at the moment i would say! I did get user pretty fast with the hints on the forum, but I've got real problems with the b** (familliar and have worked with the protocol) stuff. At the moment i dont see a way forward, I have read the configuration multiple times and tried som stuff to route me the traffic but nothing has worked... This might be due to me not having worked with kali that much and all of its capabilities but what would I know! I would love some hints/tips from the experts on here! :)

    1. you mainly need to figure out b** h***** method, ask Pakistan
    2. linux network commands

    Thanks Peek! Yeah I read about it before my last post, I believe I understand it as well and i have tried to figure out how to practically apply what i've read in this scenario but without any luck. could you point me in the right direction, documentation on how to do it, what is needed on the attacker side (my own b** a*?, specific r***s?, p***y server? and so on... I think that the main problem is the methodology to actually carry it out.

  • Im in the same spot as @GeorgieH10 i can execute commands and get results but cant get an interactive shell. I would expect i need a shell to start changing b** config using their tty utility but im obviously missing something. Im curious what other people have done.
  • i dont think that you are at the same step. pm me

    peek

  • Rooted. Amazing machine @snowscan . Thank you for the nudge @peek

  • Hey, I have the shell on the system and see the diagram and the conf files... but I am very confused on how this network works and what all the traffic is. Could somebody help me get a better understanding of what I am looking at from a high level so that I can figure out what to do next? I am very new to networking.

    wiseguy

  • I managed to login using serial number but now i stuck what to do next :(

  • Type your comment> @izzul said:
    > I managed to login using serial number but now i stuck what to do next :(

    Check out what pages you have available and figure out how they might work
  • Hi i got user.txt already but im having trouble getting a reverse shell. I tried using p***** and n* but i can't seem to catch a shell

  • Got user on the box, got an interactive shell, but having trouble with root. I'm guessing I need to change the b** protocol, but I'm a bit unsure about where to go with this. I'm thinking the t****** page is a hint at how to reconfigure things?

  • edited February 2019

    Hi after reading a few page on the forum I can not figure out my nmap scan..... 161 is close and I try sever types of scanning so what's going wrong? Any hint should be appreciated thanks

    Founded lol waiting 20 min for a scan

  • Type your comment> @skyghost666 said:

    Hi after reading a few page on the forum I can not figure out my nmap scan..... 161 is close and I try sever types of scanning so what's going wrong? Any hint should be appreciated thanks

    Founded lol waiting 20 min for a scan

    masscan is good to find all open port. quickly 2 ~3 mins .then you just need nmap scan port service .

  • I'm trap with s...w... IN enumeration I found SN#N......but I don't find the way to exploit that any hint should be appreciated thank you

  • Enumerated ports, services, site, etc. Read docs. Got SN*. Still unable to login. Site seems to hang after inputting credentials :/

  • Can any point me in the right direction? I have an interactive shell and have modified the b** config. I havent been able to capture the traffic locally and havent been able to forward the traffic to my box.

  • edited February 2019

  • edited February 2019

    I think I almost have rotting this figured out. Could someone give me a hand? I am b** h******** and seeing an f** 3-way handshake, but no data.

    EDIT: Nevermind- rooted. Be wary of poor network conditions.

  • Nevermind- rooted. Be wary of poor network conditions.

  • Hey all, I've been able to log into the web page with the correct credentials, and I am working with burp suite for the RCE. I've found Check=******* that people have mentioned but I am unsure of where to go from here. Any help would be appreciated. Feel free to DM. Still trying to get that user.txt.

  • edited February 2019

    anyone up to help me out with b** h******** portion? I'd like to get some feedback on my approach. I have owned system already just not sure how or why

    Kronos

  • Gotaccess to web app, cant seem to figure out changing the parameter to execute rce. Do you need to modify both the Name and value or simply the value of Ch***? Feel free to DM me

  • For root, I was pretty close for many hours and pulling my hair out and was missing one step after configuring b**. My hint is below, hopefully its vague enough not to be considered a spoiler.

    Remember when doing b** h********, you have to actually be able to provide the services you're advertising.

  • edited February 2019

    hints for PrivEsca

  • @0xMohamed I'm right there and I see data for that service. I dont see a password or any files being transferred. I'm trying to capture it in pcap. I dont know why I can only see partial data for that service.

  • Rooted! After 2 days of struggle... This got to be my favorite box, learned so much! If someone need help just PM me.

  • Holy cow! Took me 2 days too. Thanks to @snox for the tip. Pay attention to @0xMohamed's advice.

  • The root part has been kicking my ass for a day and a half. Makes me painfully conscious about the need to seriously brush up on my networking skils.

    Changed stuff in b.cf according to that f** port in the T*****s page, tried catching the result with n, tried with tc****p ... but nothing is showing up yet.
    I know I'm really close, but I must miss a detail either in that file, or in the way I'm listening to stuff.

    Any hints in PM ? Would love to check my B** h*******g logic, as I feel it might be too simple or missing something.

  • edited February 2019

    thought I was finished but it's time to try harder

Sign In to comment.