Carrier


Comments

  • edited February 2019

    @Gh05tR1d3r said:

    I'm not going to give up on this box. Despite spending way too long staring at the screen.
    I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where I need some assistance progressing to 'user.txt'
    I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

    Many Thanks

    EDIT: Got 'user.txt' now. Thanks to @sillydaddy daddy and @Xess for the advice.

  • That was a mission finally rooted!! Thanks for all the hints and help on this one!

  • @Patapinh0 said:

    Hardest box I've been doing so far. Finally rooted that b*tch. Thanks a lot to @snowscan for making this, I learned a TON of new stuff.

    User is easy and there are plenty of hints already in this thread; as for root, there are quite a few gotchas on the way to root.txt.

    Some things that messed with me for some time: if you change the .conf of a service, be sure to write it and/or to restart the associated service so it gets accounted. Also, interface changes can be your friend. And last, but not least: be polite, say HELO.

    Thanks a lot to @f1ndm3 and @Downloading for confirming I was on the right path, as well as @Xess, with whom it was quite fun to work :)

    It was a pleasure to struggle together haha! :)

    Xess

  • @Gh05tR1d3r said:
    @Gh05tR1d3r said:

    I'm not going to give up on this box. Despite spending way too long staring at the screen.
    I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where I need some assistance progressing to 'user.txt'
    I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

    Many Thanks

    EDIT: Got 'user.txt' now. Thanks to @sillydaddy daddy and @Xess for the advice.

    Anytime! :)

    Xess

  • Hmmm, so I have the SN but it doesn't seem to be working to login to the page? Any ideas

  • Having a lot of troubles with what needs to be done next after getting user.txt.

    I have tried using reverse shell codes cheat sheet and tried to input it into the check perimeter. However, it is not executing and I can't listen to it on my kali linux. Is there anyone that can help me out?

  • @RyanW18 said:

    Hmmm, so I have the SN but it doesn't seem to be working to login to the page? Any ideas

    Do not include the SN in the password and it will work if your username is the correct one.

  • @Ryzeros said:

    @RyanW18 said:

    Hmmm, so I have the SN but it doesn't seem to be working to login to the page? Any ideas

    Do not include the SN in the password and it will work if your username is the correct one.

    Was a classic layer 8 issue. Had a character on the end of the password which shouldn't have been. Got a shell onto the machine however for the last hour I can't figure out how to maintain access via an ssh account or anything lol

  • Logged in successfully but have no idea on what to do now.
    Can anyone guide me?

  • Think I have a rough idea on how to get root but unable to actually do it or know when to start. hmmm

  • edited February 2019

    I think I'm pretty close, but yet so far. I've edited the B** conf and restarted the service, checking in VT*** shows I'm the preferred one, and I'm waiting for packets, but not sure how I can make the F** client init the connection to get the sweet stuff.

    Can someone give a hint? thx!

    btw, I see packets but without the sweetness, maybe other people trying to connect...

  • Not able to login with a**** : S*************. Is it just me or others are also facing same issue?

  • @vno said:

    Not able to login with a**** : S*************. Is it just me or others are also facing same issue?

    check without S***

  • Ughhhhh. It's over.....root at last.

    This was an amazing box, I've learnt so much over the last three pain filled days.
    Big thanks to @snowscan for making me question 10 years of network engineering
    and thanks to @Xess for reassuring me I was on the right track.

    If anyone has any networking related questions or doesn't quite understand what they're trying to achieve post RCE, feel free to PM me. I'm more than happy to help.

  • So I know what to do, I'm able to do B** H******* but I can't figure out how to get that IP to be reachable on the machine.

  • @RyanW18 said:
    > So I know what to do, I'm able to do B** H******* but I can't figure out how to get that IP to be reachable on the machine.

    A sweep ?


  • @sillydaddy said:

    @RyanW18 said:
    > So I know what to do, I'm able to do B** H******* but I can't figure out how to get that IP to be reachable on the machine.

    A sweep ?

    So I know what I need to do exactly and how to do it however when changing an interface (any of them) to the IP i need for it to be reachable and then routed by B** it terminates my shell, then I can no longer get my reverse shell back as a machine reset is needed

  • Spoiler Removed

  • What I just want to know is when would this box be retired lolz? I just want to read the write up for root. It should have been retired last week instead of ypuffy according to the normal flow.
  • vno
    edited February 2019

    lol! Was trying without stars but it was not working for me.

    @st4rL0rd said:
    @vno said:

    Not able to login with a**** : S*************. Is it just me or others are also facing same issue?

    check without S***

    Edit: Got it!

  • Anyone got any ideas as to when I change any interfaces IP address my shell drops and I then have to reset the box to get back on. Literally any of the interfaces it has I’ve tried changing and I get dropped instantly

  • I got it too!! thanks to @Lanks07 for the final help! I'll keep the chain of help, so DM if you need help, pleased to be of use

  • @RyanW18 said:
    Anyone got any ideas as to when I change any interfaces IP address my shell drops and I then have to reset the box to get back on. Literally any of the interfaces it has I’ve tried changing and I get dropped instantly

    For sure there's one that should not be changed as it is the one you are using to connect to the machine, so try another. It happened to me as well, couple tries until I noticed.

  • @st4rL0rd said:
    > @RyanW18 said:
    > Anyone got any ideas as to when I change any interfaces IP address my shell drops and I then have to reset the box to get back on. Literally any of the interfaces it has I’ve tried changing and I get dropped instantly
    >
    > For sure there's one that should not be changed as it is the one you are using to connect to the machine, so try another. It happened to me as well, couple tries until I noticed.

    Tried all interfaces even loopback1
  • I'm trying to get user.txt. I am logged in as admin in the console. Not sure what to do next?

  • @DrinkACoffee said:

    I'm trying to get user.txt. I am logged in as admin in the console. Not sure what to do next?

    One of the pages should contain some output that's similar to a command used in Linux environments. Try see what it's doing and whether you can change its behaviour.

  • So now I've rooted it. It took a while and a lot longer than it should have however I've learnt a lot from this box, massive thanks to @Lanks07 for the hints and tips along the way.

    User
    - Fairly basic enumeration to get user and quite straightforward.

    Root
    - Very useful to have a networking background/knowledge for this one.
    - Look back at something you may have disregarded from your initial enumeration as part of user. It comes in helpful.

    If anyone wants tips or hints just let me know and I'll be happy to help where I can!

  • edited March 2019

    I'm so lost, I've been able to get to the dia* page and I've been able to get the page to function differently with burp suite. It seems like I'm getting it to print out all the commands that have recently been run on the machine, I think. I got it to do that by changing the "check=" to "check=dir". But I can't get it to do anything else and I'm just stuck. If anyone could give me a nudge in the right direction I'd really appreciate it!

    Edit: Got the user flag! On to root.

  • @zerosoul said:

    I'm so lost, I've been able to get to the dia* page and I've been able to get the page to function differently with burp suite. It seems like I'm getting it to print out all the commands that have recently been run on the machine, I think. I got it to do that by changing the "check=" to "check=dir". But I can't get it to do anything else and I'm just stuck. If anyone could give me a nudge in the right direction I'd really appreciate it!

    Look at the original parameters the di** page was sending. Does that look like normal text to you? Does it even resemble anything?

  • I think I know what I have to do to get root, just want to know if the "CVE" clue in T*****s is a complete rabbit hole.
