Carrier

I like these themed/realistic challenges. Yey :+1:

@alacerda said:
Weird. Because I am already root but i just can find user flag. PS.: I didnt privesc I am already root

Probably because there are multiple challenges after that shell ?

I have RCE

Privesc was a pain in the ■■■. Here’s a hint: on the web page pay attention at what you read even if it looks funny or silly at the first sight, maybe because it could be something useful later on :wink:

I seem to be stuck on this already… I only have the following.

  • Found the docs
  • Found 2 other ports

Spoiler Removed - Arrexel

Spoiler Removed

■■■ stop brute forcing this box, I can’t even get gobuster to run for 15 seconds due to performance issues. 95% are not bruteforce.

Could someone please send me a hint about the RCE. Thanks!

@AlexanderNagy said:
Could someone please send me a hint about the RCE. Thanks!

if your login has been successful, analyze the only point which “executes” something…

Stuck at privilege escalation from so long. Can someone point me in a right direction.

@MrR3boot said:
Stuck at privilege escalation from so long. Can someone point me in a right direction.

same

Are there anyone who suffers from machine’s unstable situation? I am at VIP zone but after resetting machine, ports are not opening even after 5 minutes, is this normal? On the other hand, that udp port should be working correctly but even I tried enumeration with 3 different tool and msf aux modules, i couldnt get any information.(connected but no info) Is this normal and we must play with public-private settings (u know what i mean c******ty)? Thanks in advance…

@Wainright said:
Are there anyone who suffers from machine’s unstable situation? I am at VIP zone but after resetting machine, ports are not opening even after 5 minutes, is this normal? On the other hand, that udp port should be working correctly but even I tried enumeration with 3 different tool and msf aux modules, i couldnt get any information.(connected but no info) Is this normal and we must play with public-private settings (u know what i mean c******ty)? Thanks in advance…

i know that if you enumerate the wrong c*******y you get a timeout error.

enumerating the right one doesn’t give you back tons of info. just that one you need.

why is the snmp port now closed, is it supposed to be

@badman89 said:
why is the snmp port now closed, is it supposed to be

I think the box is just too crowded or fuk’d up somehow atm. I have had troubles since yesterday with it.

ok, managed to get user.txt and shell as the root user. However I’m not sure where root.txt is, or what to do next? any clues

Can anyone point me kinda in the right direction after logging-in?

For the root flag, do I need pivoting?

I only got user.txt so far, and from what I can tell… seems like, we are in only one of the containers within a multitude of containers (that horror)…

I think I know why this box is called carrier… (that horror again)…