Carrier

Comments

  • @TazWake said:

    @EvilMonkee said:

    Ok have the SN***** but now can't figure out what to do with it?

    Log in with it?

    Sorry no idea where

  • Anyone help me to get the login? I have enumerated literally 2 times full thing but no progress... Even enumerated the 161 but just gives a string... What to do with that?

  • use that string

  • Where ? Did at login page with username admin but no luck

  • Check you ib

  • How do I exploit the page after login? Googled but no luck, stuck, help plzz.. :astonished:

  • Thnx a lot hackthebox for blocking me for 15 min. I figured user on my own :) thnx again...

  • Hi guys, I just rooted this amazing box! Feel free to PM if you need :)

  • root at last :)

    I think this box is easily my personal favourite.

    No hints from me about root, just a bit of a friendly push in the right direction regarding the right things to read and learn from.
    For routing knowledge I'd recommend CCNA level material regarding IP addresses, subnet masks, and how routing tables are maintained / what metrics are used to update a routing table. Then, some intro level material into a certain protocol and its metrics would be highly recommended.

    study hard! :)

  • @l30n said:

    @jackshd said:
    someone is available on PM, i can enumerate the 1*1 port but i can't get the SN.
    i tried several tools, with several options without success.

    Hint : sometime you just need to learn from Simple Natural Mistake and Walk in the crowed Public with them. Make sure you use the right shoe Version.

    hahaha this tip was so funny :)

  • just captured F*p creds what to do now hint please..?

  • @sakyb said:
    just captured F*p creds what to do now hint please..?

    If they are the ones I think they are, log in with them.

  • @TazWake said:
    @sakyb said:
    just captured F*p creds what to do now hint please..?

    If they are the ones I think they are, log in with them.

    Login where???

  • @sakyb said:

    Login where???

    I'd try one of the places your initial enumeration identified.

  • User was interesting.. once you know which port to look at it's relatively straightforward. If anyone wants to help with user drop me a message...
    Onto root!

  • Did the SN and webapp login, found something in diags but actually stuck right there...
    As a network rookie, any hints are welcome :anguished:

    Thanks !

  • @nickxla said:
    Did the SN and webapp login, found something in diags but actually stuck right there...
    As a network rookie, any hints are welcome :anguished:

    Thanks !

    sometimes U need encoded

  • edited October 2018

    Can someone confirm they have got this g4y RCE working with curl ? Pretty please... before I lose my damn mind. Thanks in advance.

    PM me if you would. Much appreciated.

  • Enumerate port 1*1 and get SN..., try to use it as pwd for login but no success? Any hint please!

  • edited October 2018

    @shaboti said:
    Enumerate port 1*1 and get SN..., try to use it as pwd for login but no success? Any hint please!

    you are in the correct direction but take a closer look at the SN/password

  • Hello Everyone, this is my first time solving any machine on (carrier) on HTB, so I need your help.
    I have found a unique port 161 but it's not opening in the browser. I am trying to enumerate this but no clue...
    and I found 'error_codes.pdf' file from where I got the clue that password is some serial no, but I also don't know how to get that...
    Can anyone give me a hint what to do next?

    ASHacker

  • edited October 2018

    @ASHacker said:
    Hello Everyone, this is my first time solving any machine on (carrier) on HTB, so I need your help.
    I have found a unique port 161 but it's not opening in the browser. I am trying to enumerate this but no clue...
    and I found 'error_codes.pdf' file from where I got the clue that password is some serial no, but I also don't know how to get that...
    Can anyone give me a hint what to do next?

    You're looking at the right port, look carefully.

  • edited October 2018

    Still stuck trying to understand diags. I am pretty sure I have something to do with c**l and RCE but I don't know where to go.

    Feel free to PM if contains spoilers, thanks

    EDIT: Got user, thanks @TheInnocent

  • Rooted

    User was simple - as long as you don't overlook simple/obvious things

    Root was tough as old boots - BUT everything in this box is a clue to the next step

    You WILL need a fairly good knowledge of network protocols for this

    Once you have user - make a note of everything you find - it will come in useful later

    Thanks to @BoiteAKlou for noticing one letter missing right at the last hurdle

    If like me you copy and paste notes - make sure you have copied every character !

    ZaphodBB

  • @dualfade said:
    Can someone confirm they have got this g4y RCE working with curl ? Pretty please... before I lose my damn mind. Thanks in advance.

    PM me if you would. Much appreciated.

    Sure, anything that can talk HTTP should work.

    koredump
    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • edited October 2018

    @koredump said:

    @dualfade said:
    Can someone confirm they have got this g4y RCE working with curl ? Pretty please... before I lose my damn mind. Thanks in advance.

    PM me if you would. Much appreciated.

    Sure, anything that can talk HTTP should work.

    Well I cannot respond to you. Keeps dropping my PM. Weak sauce hah. Thanks for responding.

    Edit. For some reason it is not working w/ curl. Odd. Same payload and all from ZAP / Burp. Boo...

  • rooted. My hints for this box:

    • for user, don't stop at the very first nmap scan, use full potential and enumerate every service. Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell

    • for root you don't have to do much but you'll have to KNOW much about a certain service. First thing, run enumeration scan, then try to read as much as you can about how things like that work

    TheInnocent

    "I recognize, Mr. Reese, that there's a disparity between how much I know about you and how much you know about me. I know you'll be trying to close that gap as quickly as possible. But I should tell you... I'm a really private person."

  • @ASHacker said:
    Hello Everyone, this is my first time solving any machine on (carrier) on HTB, so I need your help.
    I have found a unique port 161 but it's not opening in the browser. I am trying to enumerate this but no clue...
    and I found 'error_codes.pdf' file from where I got the clue that password is some serial no, but I also don't know how to get that...
    Can anyone give me a hint what to do next?

    Try to google port 161 and you will understand

  • @nofunofunofun said:

    @shaboti said:
    Enumerate port 1*1 and get SN..., try to use it as pwd for login but no success? Any hint please!

    you are in the correct direction but take a closer look at the SN/password

    Oh, Yes. Thank you so much.

  • edited October 2018

    Logged in and now playing with diag, it was returning some output, now it is not returning anything (even with the default encoded q..ga param).

    any idea, what could be the problem?
    Thanks

    EDIT: It works again !
