Carrier

I have no idea what SSH key people are talking about. I couldn’t find any keys on this box, not in the usual locations and not somewhere else :frowning:

Can anyone PM me to help me get root here? I know it’s a network thing. I see a specific route thing, but then the wall gets too hard :frowning:


Got root. What a great box. I almost blew my brain to get this done. I was thinking too hard, but in the end it was a simple thing. Saw 2 ways to get this done. There’s a much easier one and another not so easy, but in the real world we won’t always have root access on the pivot machine to get this done. So networking is fundamental on this box.

EDIT: What is the thing with the secretdata?? And the Nigerian Prince?

Still struggling with user. What am I missing? Got admin credentials but can’t find any executable or interactive shell/service as suggested by others. I get “Configuration changes locked, will be reverted automatically”. Some tabs/links are restricted due to expired license. I just can’t find anything remotely close to an interactive shell on the admin page.

@mcknicks said:
Still struggling with user. What am I missing? Got admin credentials but can’t find any executable or interactive shell/service as suggested by others. I get “Configuration changes locked, will be reverted automatically”. Some tabs/links are restricted due to expired license. I just can’t find anything remotely close to an interactive shell on the admin page.

PM me, I can give you some help.

@bokanrb said:
Got root. What a great box. I almost blew my brain to get this done. I was thinking too hard, but in the end it was a simple thing. Saw 2 ways to get this done. There’s a much easier one and another not so easy, but in the real world we won’t always have root access on the pivot machine to get this done. So networking is fundamental on this box.

EDIT: What is the thing with the secretdata?? And the Nigerian Prince?

Lol, no clue about the secret data, but the Nigerian prince is a well-known email scam.

Can someone help me? I can create a reverse shell but the connection automatically dies within a second…

@mcknicks said:
Still struggling with user. What am I missing? Got admin credentials but can’t find any executable or interactive shell/service as suggested by others. I get “Configuration changes locked, will be reverted automatically”. Some tabs/links are restricted due to expired license. I just can’t find anything remotely close to an interactive shell on the admin page.

Same here… Stuck on user. I passed the login, I watched every path, every JS… But I’m totally blinded right now! I exchange adamantium for a hint LOL

For the love of God I can’t even enumerate after user with all the resets! Is that from necessity or just people not getting what they are looking for? I see that elegant, striped African animal galloping over its common ports but nothing in iptables list

@skarfaze said:

@mcknicks said:
Still struggling with user. What am I missing? Got admin credentials but can’t find any executable or interactive shell/service as suggested by others. I get “Configuration changes locked, will be reverted automatically”. Some tabs/links are restricted due to expired license. I just can’t find anything remotely close to an interactive shell on the admin page.

Same here… Stuck on user. I passed the login, I watched every path, every JS… But I’m totally blinded right now! I exchange adamantium for a hint LOL

Look at the diagnostics page in great detail.

@3s073r1k said:
For the love of God I can’t even enumerate after user with all the resets! Is that from necessity or just people not getting what they are looking for? I see that elegant, striped African animal galloping over its common ports but nothing in iptables list

I suspect it is a mix of people not realising how to clean up after themselves and other people not realising what they are doing is wrong, so thinking they need to reset the box.

It might help to Google what the African striped animal, and its colleague from the user entry point, do and what tools you can use around that.

Yeah just reading a bit more on that African animal and taking a look back through some info on web panel.
Thanks :v:

@skarfaze said:

@mcknicks said:
Still struggling with user. What am I missing? Got admin credentials but can’t find any executable or interactive shell/service as suggested by others. I get “Configuration changes locked, will be reverted automatically”. Some tabs/links are restricted due to expired license. I just can’t find anything remotely close to an interactive shell on the admin page.

Same here… Stuck on user. I passed the login, I watched every path, every JS… But I’m totally blinded right now! I exchange adamantium for a hint LOL

Same boat dude :confused:

Learned a lot on this box…
Thanks to creator @snowscan and thanks to @TazWake :slight_smile:

If you’re stuck on web panel, look at the source code, see if there’s any encoding and use that mixed with basic injection techniques… As far as privesc goes, I did some reading and I’m pretty sure I know my attack vector, but the resets are too much so I might wait to get VIP or until less people are working on it!

Is there anyone I can PM to discuss the pivot phase? Laying out what I know so far, and my thoughts should also help me understand what I need to do.

Like most, I am stuck trying to figure out where to go after reverse shell… I know networking pretty well since it’s my day job, but the routes and b** config look fine… Captures didn’t show anything besides ARPs and b** exchanges… Found a possible vulnerability but can’t find any help on exploiting it… I know, I know, I know… try harder

So I’ve got what should be a viable way to get the user.txt, but the flag appears to not be where I expected? There’s no user.txt file in the /home/[username]/ directory.

Anyone else run into this problem, or am I just missing a trick?

@TheTarquin said:
So I’ve got what should be a viable way to get the user.txt, but the flag appears to not be where I expected? There’s no user.txt file in the /home/[username]/ directory.

Anyone else run into this problem, or am I just missing a trick?

Look at which user you are and where their home directory is. It should be there.

Just finished rooting, super fun box, that had me tear my hair at the end because I was doing 3 things wrong and super complicating things for myself by knowing some protocols, prob would have been easier if I did not lol, and also if I had actually read in more detail one last clue I missed. Good box @snowscan. BTW what is this extra file we find?