Carrier

Guys can anyone guide me on this machine…kinda new to this…

Probably not a good box if you are new to this kind of thing, especially the priv esc - which was very clever and completely kicked my ■■■. Great box @snowscan thanks for creating.

May I ask for help with technical details? I think I know what to do, just missing the IT competence. PM me :slight_smile:

I have logged in, I think that i found what should I attack, it’s c***k parameter but don’t know how to proceed. Can someone PM me. Thanks

i found port 1*1
i enumerated it
i couldn’t detect anything
help

I really am stuck at where I think I have to hk $target using “a particular method” (don’t want to spoiler here) but I can’t figure out how to actually do that. I read tons of stuff about $method, but it all seems to be just pretty vague - basically everyone is just saying "yeah if $rogue does ‘something’ then you h**d $target" but if I do exactly that, then traffic to $target is no longer working. Would be nice if anyone could hook me up with some practical examples of how to do it so that $target stays available but I get to see the “the good stuff”.

@darkkilla said:
I really am stuck at where I think I have to hk $target using “a particular method” (don’t want to spoiler here) but I can’t figure out how to actually do that. I read tons of stuff about $method, but it all seems to be just pretty vague - basically everyone is just saying "yeah if $rogue does ‘something’ then you h**d $target" but if I do exactly that, then traffic to $target is no longer working. Would be nice if anyone could hook me up with some practical examples of how to do it so that $target stays available but I get to see the “the good stuff”.

amazing post! I’m exactly on the same exact point as you. And I don’t have a full knowledge of $method commands/actions in order to see good stuff keeping traffic to $target.

anyone can help

I have no idea where to go after getting access to the admin console

@farid007 said:
i found port 1*1
i enumerated it
i couldn’t detect anything
help

Did you get some data from enumerating that particular service and did you enumerate the web server? Because that way you might find some interesting loot to get further.

@dragonitesec said:

@darkkilla said:
I really am stuck at where I think I have to hk $target using “a particular method” (don’t want to spoiler here) but I can’t figure out how to actually do that. I read tons of stuff about $method, but it all seems to be just pretty vague - basically everyone is just saying "yeah if $rogue does ‘something’ then you h**d $target" but if I do exactly that, then traffic to $target is no longer working. Would be nice if anyone could hook me up with some practical examples of how to do it so that $target stays available but I get to see the “the good stuff”.

amazing post! I’m exactly on the same exact point as you. And I don’t have a full knowledge of $method commands/actions in order to see good stuff keeping traffic to $target.

Yup on the same boat lol

@darkkilla said:

@farid007 said:
i found port 1*1
i enumerated it
i couldn’t detect anything
help

Did you get some data from enumerating that particular service and did you enumerate the web server? Because that way you might find some interesting loot to get further.

i found some directory
i found doc directory
i couldn’t found chassis serial number

@farid007 said:

@darkkilla said:

@farid007 said:
i found port 1*1
i enumerated it
i couldn’t detect anything
help

Did you get some data from enumerating that particular service and did you enumerate the web server? Because that way you might find some interesting loot to get further.

i found some directory
i found doc directory
i couldn’t found chassis serial number

Earlier on you said you found a specific port and enumerated it. You didn’t get any data out of it? Because you should’ve gotten something from that.

i got some information from that port 1*1 while enumerating
but i didn’t get chassis serial number

can someone drop me a hint or some reading material to get inspired for privesc (I think it has to do with q***** and b** but I’ve never used it).

@farid007 said:
i got some information from that port 1*1 while enumerating
but i didn’t get chassis serial number

PM me and show me what data you found on that port, maybe then I can give you a hint in the right direction without spoiling.

Ehh rooting this box is ■■■■ near impossible, not only is it a hard challenge, also due to the everyone fiddling with b** at the same time, you can’t test ■■■■. Reset doesn’t help much, seconds later all routes get fucked up, configuration changes and there is no way to sort this mess.

Rooted! Really nice box.

Could anyone that have rooted it PM me to discuss the other stuff that you find with the flag please?

Could some one PM me with a hint as what to look at first for privesc. You don’t know what you don’t know :slight_smile: What to look for for reading material would be good too.

I was going to do some pcap.
Tried logging into FTP. Will have another go at this.

Many thanks

@Underworld said:
Could some one PM me with a hint as what to look at first for privesc. You don’t know what you don’t know :slight_smile: What to look for for reading material would be good too.

I was going to do some pcap.
Tried logging into FTP. Will have another go at this.

Many thanks

At a start, re-read the ticketing system pages. I think there are lots of hints there (but it is something I am rubbish at so I think an attempt I’ll have to privesc will need lots more research).