Carrier

Does this require any specialized tools or scripts once you’re connected or can it be accomplished with standard bash commands?

@Skunkfoot said:
Does this require any specialized tools or scripts once you’re connected or can it be accomplished with standard bash commands?

I used a static version of nmap, it’s not 100% required but still helps a lot.

Rooted after 2 days. Nice work @snowscan, learned a lot from this machine

@Skunkfoot said:
Does this require any specialized tools or scripts once you’re connected or can it be accomplished with standard bash commands?

I wrote a simple bash script for that.

finally had the time to work on privesc, new stuff comes to HTB and that’s a very good thing!
i think last step is quite contrived anyway.
thanks snowscan :slight_smile:

Finally rooted :slight_smile: It took a while mostly because it was really hard to figure stuff out with routes constantly changing, people messing with b** etc. But it was a great challenge anyway, I feel really proud of myself :smiley: Thanks @snowscan!

ok can i ask for some help with the reverse shell, i will explain in PM where i am at so as to now ruin it for anyone, or “repeating” what others are saying…

@RPSUK said:
ok can i ask for some help with the reverse shell, i will explain in PM where i am at so as to now ruin it for anyone, or “repeating” what others are saying…

PM me

done

guys i understand everybody is here to learn, but i think before doing this box you should study a bit linux networking configuration. i mean don’t pretend in pvt i explain you even how to add an ip to an eth. just google it. if you just run cmds without understand what they do well… good luck.

@0xlc said:
guys i understand everybody is here to learn, but i think before doing this box you should study a bit linux networking configuration. i mean don’t pretend in pvt i explain you even how to add an ip to an eth. just google it. if you just run cmds without understand what they do well… good luck.

I see what you did there…

Kinda need some help, I can’t find the number I’m looking for… PM me if you want to help me out :stuck_out_tongue:

Spoiler Removed - Arrexel

@missionstarted said:
Spoiler Removed - Arrexel

Think “common misconfiguration”

@missionstarted said:
Spoiler Removed - Arrexel

Check the meaning of error codes

If anyone has any recommendations for reading material to pass commands for RCE - much appreciated - struggling with B**p.

@jamesa @T0ha Thanks, Btw Got the user flag, now heading towards root.

@InfoSecGuy23 said:
If anyone has any recommendations for reading material to pass commands for RCE - much appreciated - struggling with B**p.

https://www.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)

but before you need to figure out how add this to that parameter…

Got Carrier… MAN that PRIV ESC was CRAZY…

people stay f****** this box but got no route and must reset it
if every body do as me no one can work with this box
i work for priv esc and i had the brain fu*****ed and when found something the box is reseted and i still stuck for the priv esc i turn in round
if any body have an idea for help me plz pm me