Carrier

1246727

Comments

  • I have no idea where to go after getting access to the admin console

  • @farid007 said:
    i found port 1*1
    i enumerated it
    i couldn't detect anything
    help

    Did you get some data from enumerating that particular service and did you enumerate the web server? Because that way you might find some interesting loot to get further.

    image

  • @dragonitesec said:

    @darkkilla said:
    I really am stuck at where I think I have to h****k $target using "a particular method" (don't want to spoiler here) but I can't figure out how to actually do that. I read tons of stuff about $method, but it all seems to be just pretty vague - basically everyone is just saying "yeah if $rogue does 'something' then you h******d $target" but if I do exactly that, then traffic to $target is no longer working. Would be nice if anyone could hook me up with some practical examples of how to do it so that $target stays available but I get to see the "the good stuff".

    amazing post! I'm exactly on the same exact point as you. And I don't have a full knowledge of $method commands/actions in order to see good stuff keeping traffic to $target.

    Yup on the same boat lol

  • @darkkilla said:

    @farid007 said:
    i found port 1*1
    i enumerated it
    i couldn't detect anything
    help

    Did you get some data from enumerating that particular service and did you enumerate the web server? Because that way you might find some interesting loot to get further.

    i found some directory
    i found doc directory
    i couldn't found chassis serial number

  • @farid007 said:

    @darkkilla said:

    @farid007 said:
    i found port 1*1
    i enumerated it
    i couldn't detect anything
    help

    Did you get some data from enumerating that particular service and did you enumerate the web server? Because that way you might find some interesting loot to get further.

    i found some directory
    i found doc directory
    i couldn't found chassis serial number

    Earlier on you said you found a specific port and enumerated it. You didn't get any data out of it? Because you should've gotten something from that.

    image

  • i got some information from that port 1*1 while enumerating
    but i didn't get chassis serial number

  • can someone drop me a hint or some reading material to get inspired for privesc (I think it has to do with q***** and b** but I've never used it).

  • @farid007 said:
    i got some information from that port 1*1 while enumerating
    but i didn't get chassis serial number

    PM me and show me what data you found on that port, maybe then I can give you a hint in the right direction without spoiling.

    image

  • Ehh rooting this box is damn near impossible, not only is it a hard challenge, also due to the everyone fiddling with b** at the same time, you can't test shit. Reset doesn't help much, seconds later all routes get fucked up, configuration changes and there is no way to sort this mess.

  • Rooted! Really nice box.

    Could anyone that have rooted it PM me to discuss the other stuff that you find with the flag please?

  • edited September 2018

    Could some one PM me with a hint as what to look at first for privesc. You don't know what you don't know :) What to look for for reading material would be good too.

    I was going to do some pcap.
    Tried logging into FTP. Will have another go at this.

    Many thanks

    Hack The Box

  • @Underworld said:
    Could some one PM me with a hint as what to look at first for privesc. You don't know what you don't know :) What to look for for reading material would be good too.

    I was going to do some pcap.
    Tried logging into FTP. Will have another go at this.

    Many thanks

    At a start, re-read the ticketing system pages. I think there are lots of hints there (but it is something I am rubbish at so I think an attempt I'll have to privesc will need lots more research).

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Once I lose my shell I had to reset the machine to get back inside(I am on VIP). Upgrading to meterpreter shell was the solution that kept me safe.

  • @darkkilla said:
    I really am stuck at where I think I have to h****k $target using "a particular method"

    Forget my earlier request, I've popped root. :)

    image

  • got the user but stuck on priv esc
    i know its multi con****** box found the 2 other addr but there is only one service on those con*****rs
    from the picture i see the situation but how can i found the port running the web server
    can anyone pm to discute about it plz

    Raouf09

  • what. a. pain. but finally root.

    Hack The Box

  • This is killing me. I feel like I have an idea how to progress but not only can I not seem to get it to work, but I'm not even sure it makes sense any more.

    This is an awesome box. If I ever get root, I will have learned a lot.

    Thanks @snowscan, but I am not sure if I hate you or not :smile:

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @TazWake said:
    This is killing me. I feel like I have an idea how to progress but not only can I not seem to get it to work, but I'm not even sure it makes sense any more.

    This is an awesome box. If I ever get root, I will have learned a lot.

    Thanks @snowscan, but I am not sure if I hate you or not :smile:

    DM

  • Does this require any specialized tools or scripts once you're connected or can it be accomplished with standard bash commands?

    --Skunkfoot

  • @Skunkfoot said:
    Does this require any specialized tools or scripts once you're connected or can it be accomplished with standard bash commands?

    I used a static version of nmap, it's not 100% required but still helps a lot.

  • Rooted after 2 days. Nice work @snowscan, learned a lot from this machine

    jamesa

  • @Skunkfoot said:
    Does this require any specialized tools or scripts once you're connected or can it be accomplished with standard bash commands?

    I wrote a simple bash script for that.

    fasetto

  • finally had the time to work on privesc, new stuff comes to HTB and that's a very good thing!
    i think last step is quite contrived anyway.
    thanks snowscan :)

  • Finally rooted :) It took a while mostly because it was really hard to figure stuff out with routes constantly changing, people messing with b** etc. But it was a great challenge anyway, I feel really proud of myself :D Thanks @snowscan!

  • ok can i ask for some help with the reverse shell, i will explain in PM where i am at so as to now ruin it for anyone, or "repeating" what others are saying...

  • @RPSUK said:
    ok can i ask for some help with the reverse shell, i will explain in PM where i am at so as to now ruin it for anyone, or "repeating" what others are saying...

    PM me

  • edited September 2018

    guys i understand everybody is here to learn, but i think before doing this box you should study a bit linux networking configuration. i mean don't pretend in pvt i explain you even how to add an ip to an eth. just google it. if you just run cmds without understand what they do well.. good luck.

    Hack The Box

  • @0xlc said:
    guys i understand everybody is here to learn, but i think before doing this box you should study a bit linux networking configuration. i mean don't pretend in pvt i explain you even how to add an ip to an eth. just google it. if you just run cmds without understand what they do well.. good luck.

    I see what you did there...

  • Kinda need some help, I can't find the number I'm looking for... PM me if you want to help me out :P

    WillIWas

Sign In to comment.