Carrier

1235727

Comments

  • edited October 2018

    Spoiler Removed - Arrexel

  • edited October 2018

    @missionstarted said:
    Spoiler Removed - Arrexel

    Think "common misconfiguration"

    jamesa

  • edited October 2018

    @missionstarted said:
    Spoiler Removed - Arrexel

    Check the meaning of error codes

  • If anyone has any recommendations for reading material to pass commands for RCE - much appreciated - struggling with B**p.

  • @jamesa @T0ha Thanks, Btw Got the user flag, now heading towards root.

  • @InfoSecGuy23 said:
    If anyone has any recommendations for reading material to pass commands for RCE - much appreciated - struggling with B**p.

    https://www.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)

    but before you need to figure out how add this to that parameter..

    Hack The Box

  • Got Carrier.... MAN that PRIV ESC was CRAZY......

  • people stay f****** this box but got no route and must reset it
    if every body do as me no one can work with this box
    i work for priv esc and i had the brain fu*****ed and when found something the box is reseted and i still stuck for the priv esc i turn in round
    if any body have an idea for help me plz pm me

    Raouf09

  • PORT STATE SERVICE
    21/tcp filtered ftp
    22/tcp open ssh

  • Whats with the extra se******ta.**t file in the end ? The one with the root flag ?

  • That box is crazy, a good brainfuck in the head to root that thing, really enjoyable and that box helped me a lot with an other one, and learned a lot of new techniques, thanks 🙏
    Also that secret flag, personnaly I don't care I'm just happy to can stay my finger away from that box (but seems interesting :p)
  • Got the shell on this box. Struggling to get the root.. since already root. How to get out of that ?

    sesha569

  • Check the iptables to start

    Hack The Box

  • > @LRHel said:
    > Also that secret flag, personnaly I don't care I'm just happy to can stay my finger away from that box (but seems interesting :p)

    Yeah I don't understand what that is used for?

    jamesa

  • Always wanted to mess around with a setup like this. Very interesting and learned a lot. Thanks to @snowscan for creating this box!

  • same here, very interesting box with something not seen before. takes some time to get the way to root.txt. sometimes one can break the box due to wrong settings though.
    nevertheless good job @snowscan!

  • BTW: the secret troll is just LOL!

  • Just rooted it. Very interesting box. It's not that hard but you need to know a little bit about networks. Good job @snowscan

  • Any hint for obtaining the shell ?

  • @flexkid You can PM me for that part.

    Do you have to use or write a script to get root or is there another way?

    --Skunkfoot

  • Great box. Brush up on networking for priv esc, including the Linux tools commonly used for network administration and troubleshooting.

  • @Skunkfoot said:
    @flexkid You can PM me for that part.

    Do you have to use or write a script to get root or is there another way?

    There it another way, you don't have to write or use any kind of script, just the tools already available in the machine.

  • @veterano said:

    @Skunkfoot said:
    @flexkid You can PM me for that part.

    Do you have to use or write a script to get root or is there another way?

    There it another way, you don't have to write or use any kind of script, just the tools already available in the machine.

    Okay I thought so, just wanted to make sure. Thanks.

    --Skunkfoot

  • Need some hints on what to do after identified the b* and the things in iptable.

  • whoami : root, what should i do search for root.txt ?

  • @Sidxzx said:
    whoami : root, what should i do search for root.txt ?

    Negative Ghostrider. You can search all you want, but this box is a little more complex than just getting a reverse shell. You're going to have to do some more enumeration and a lot of research on the services and their vulnerabilities

    --Skunkfoot

  • My advice: test it locally. At this point you should have an idea of what's happening. Make sure you encode it back! :)

  • edited September 2018

    I wonder if my way of rooting it was the intended one. I tried to replicate a 'famous hack' demonstrated a while ago. But then I figured - why pass on something interesting that you already have - better deal with it yourself!

    My advice is to enumerate the whole network carefully - you can use bash one-liners as nmap replacement.

  • @kekra said:
    I wonder if my way of rooting it was the intended one. I tried to replicate a 'famous hack' demonstrated a while ago. But then I figured - why pass on something interesting that you already have - better deal with it yourself!

    I'd be interested to hear of this alternate method if you'd like to discuss.

    --Skunkfoot

Sign In to comment.