Carrier

12223242628

Comments

  • Type your comment> @RyanW18 said:

    Type your comment> @zerosoul said:

    I'm so lost, I've been able to get to the dia* page and I've been able to get the page to function differently with burp suite. It seems like I'm getting it to print out all the commands that have recently been ran on the machine, I think. I got it to do that by changing the "check=" to "check=dir". But I can't get it to do anything else and I'm just stuck. If anyone could give me a nudge in the right direction I'd really appreciate it!

    Look at the original parameters the di** page was sending. Does that look like normal text to you? Does it even resemble anything?

    I couldn't figure out how to de**** the string. But I figured it out! Thanks man!

  • Type your comment> @mordecai said:

    I think I know what I have to do to get root, just want to know if "CVE" clue in T*****s is complete rabbit hole.

    No CVEs needed to gain root.

  • ive gotten a shell and user.txt, havent had any issues with stability or anything, but i just cant figure out what im supposed to do to make the B** service route traffic to me, not very familiar with networking at all. im sure this will be the next box to be retired but its been the bane of my existence for the last week.

  • I've gotten user.txt but I am having trouble getting root.txt, I know the concepts of B** H*******g and using T*****p to grab the f** credentials just a bit lost as i have not had any experience with this side of the networking world. Any nudges in the right direction would be greatly appreciated.

  • Hello all. Needing some help with root. I know that there is an f** service via n***. I have logged in GUI, used the proper page and got a reverse shell. As a general question, should I use my local machine to connect to f**, or I can only access it via its internal network? I used ip*****s rules to allow any but with no success. I also tried to edit b** and listen to various interfaces and p*** to find hosts that are reachable. I also tried to t*****p but again no conclusion could be made. Any help would be appreciated.

  • Could i get some help setting up a fake f** se**** . I am not sure how to go about sni***** the c**** ......

  • Everyone keeps mentioning the port 1*1 as being the first step but when I perform an nMap scan, that port is closed? Am I missing something here?

  • Very nice box! Was incredibly hard for me due to my limited knowledge on networking. I learned a ton. Thanks! :)

    Hack The Box

  • Could someone that rooted the box explain to me what the se******ta.txt at the end is for...

  • Could anyone please give me a hint about the fake f** and what should I expect. I have used n* to act as f** and used t*****p to that interface, but I don't know what to next or what to look for.

  • edited March 2019

    for root.txt

    I've redirected the flow thanks to my lies being specific.

    I can see the flow and there's something I want to get at, but it's passing me by.

    Any hints on how to 'catch the flow' rather than simply having temporarily redirected it and letting it on its way?

    EDIT: All good, I've got it & learned a lot.

  • Rooted!!! It took me a lot of time, but finally done.

  • Can anyone dump me a tip on what to do once i've logged in over http?

  • I'm root....where is root.txt?

  • OK. User was pretty easy... But I need some help on getting out of it.

    I see the interfaces, I think I know what to do but a hint on which network services or what network techniques I should use/know would be awesome.

    If someone can nudge me in the right direction I would be glad.

    r00tk1d

  • edited March 2019

    Oh man, I can't seem to catch a break on this box. It's being hosed by so many people at once it just keeps falling over. I just want to get root!!! Please let me have 5 mins to try what I want to try!! :(

    Finally!!

    Took me a few days to root this bad boy, partly due to refreshing my knowledge and because I was on the free subs and just couldn't compete against people spaffing the server constantly. Nice box though really enjoyed working on it.

  • edited March 2019

    Can anyone PM me about where to go after editing b*** file ??? I am stuck and can't find out what am I supposed to do for the root flag (I have described earlier what I have already tried to do).

  • ok this system is kicking my arse, I really need some type of nudge..... anyone....

    Hack The Box

  • Finally!!

    Took me a few days to root this bad boy, partly due to refreshing my knowledge and because I was on the free subs and just couldn't compete against people spaffing the server constantly. Nice box though really enjoyed working on it.

  • edited March 2019

    So to update again I have used vt**h to write the modified conf but I do not see traffic on the pseduo interface of eth0:4 I created am I on the right track or just lost I can share my attempts and the results I have if someone wants to give me a hand

  • anyone give a nudge on what to do once I have access to the admin page? I see the vuln service, but not quite sure about next steps.

  • Type your comment> @clmtn said:

    Type your comment> @DrinkACoffee said:

    I' m trying to get user.txt. I am logged in as admin in the console. Not sure what to do next?

    One of the pages should contain some output that's similar to a command used in Linux environments. Try see what it's doing and whether you can change its behaviour.

    got any thing?

    I managed to get user but now stuck on ftp part.
    found a server but doesn't have credentials for this.

  • I understand I need to get to the f** server but I’m unsure how I can do that. Any hints would be greatly appreciated I’m not too familiar with networking

    Thanks in advanced

  • Type your comment> @laxudope said:

    Type your comment> @clmtn said:

    Type your comment> @DrinkACoffee said:

    I' m trying to get user.txt. I am logged in as admin in the console. Not sure what to do next?

    One of the pages should contain some output that's similar to a command used in Linux environments. Try see what it's doing and whether you can change its behaviour.

    got any thing?

    I managed to get user but now stuck on ftp part.
    found a server but doesn't have credentials for this.

    you can pm me we can work the rest of this together you want I havent found the f** but I am root and can redirect the traffic so I will need a nudge as well I am unsure about a few things if someone that rooted this or got this far can assist I am at the [email protected] and understand vt***

  • You remember the sound from JAWS ? when the shark is chasing the people carrier I am coming for your root lol! :)

  • edited March 2019

    Ok guys quick question does this go as far as local_pref or as path prepending or are we just doing a simple sub prefix hi***k?

    if that's the case I wonder if just modifying the interface like a friend of mine on here was told and gave me the hint we are sort of working this together.

    as in B** when you announce a prefix via a directly connected interface in quag** doesn't that internally set the next-hop to our asn?

    what I am wondering is do we have to do any pre routing modification or does that flag show up in that skeleton pcap once you redirect it I am just wondering how irl like this is

    as I am working on some code to pull off this famous attack but I am a little confused on a few pieces can someone with more knowledge of b** contact me via pm so I can roll some non challenge related questions at you?

  • Can anyone help me with what to do next after login to web app . as i'm not able to find any parameter in burp while intercepting . some one please guie me i'm stuck .!!!! :(

    Hack The Box
    If i helped you and tried to explained you! just give me a respect. click on the img to get my profile link.!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • Type your comment> @parteeksingh said:

    Can anyone help me with what to do next after login to web app . as i'm not able to find any parameter in burp while intercepting . some one please guie me i'm stuck .!!!! :(

    Continue searching, you are missing something.

  • Hi
    Could someone help me with the initial foothold?
    I think I'm on the right track but I just don't get any login creds. I just want to know what I'm doing wrong.

    Fluxx79

  • Type your comment> @Fluxx79 said:

    Hi
    Could someone help me with the initial foothold?
    I think I'm on the right track but I just don't get any login creds. I just want to know what I'm doing wrong.

    Recommendation: Enumerate until you get something.

Sign In to comment.