Carrier

@ASHacker said:
Hello Everyone, this is my first time solving any machine on (carrier) on HTB. so i need your help.
i have found a unique port 161 but it’s not opening on browser. i am trying to enumerating this but no clue…
and i found ‘error_codes.pdf’ file from where i got the clue that password is some serial no, but i also don’t know how to get that…
if anyone can give me hint what to do next?

Try to google port 161 and you will understand

@nofunofunofun said:

@shaboti said:
Enumerate port 1*1 and get SN…, try to use it as pwd for login but no success? Any hint please!

you are in the correct direction but take a look more close in the SN/password

Oh, Yes. Thank you so much.

Logged in and now playing with diag, it was returning some output, not it is not returning anything (even with the default encoded q…ga param.

any idea, what could be the problem?
Thanks

EDIT: It works again !

@ZeusBot said:
Guyz im strucked in s**p port enu i got interested result SN******* from that port. any idea. give me some hint?

i just want to know how did you get this result SN****** i tried to google about port 1*1(s**p) but got no clue…

@ASHacker said:

@ZeusBot said:
Guyz im strucked in s**p port enu i got interested result SN******* from that port. any idea. give me some hint?

i just want to know how did you get this result SN****** i tried to google about port 1*1(s**p) but got no clue…

Look at how to enumerate that service

so whats with secretdata.txt ?

@EvilMonkee said:

@ASHacker said:

@ZeusBot said:
Guyz im strucked in s**p port enu i got interested result SN******* from that port. any idea. give me some hint?

i just want to know how did you get this result SN****** i tried to google about port 1*1(s**p) but got no clue…

Look at how to enumerate that service

@EvilMonkee said:

@ASHacker said:

@ZeusBot said:
Guyz im strucked in s**p port enu i got interested result SN******* from that port. any idea. give me some hint?

i just want to know how did you get this result SN****** i tried to google about port 1*1(s**p) but got no clue…

Look at how to enumerate that service

Thank you that was a great help to let me think from other way

I’ve been able to get a reverse shell, although i don’t really understand why i spawned into this machine and not on the web server (maybe i’m in a VM).
I think the next step is to find some info on the server on the subnet which is given in the ticket. However when I log in with ftp, it’s empty. I really don’t know what to do.

@nessaj said:
I’ve been able to get a reverse shell, although i don’t really understand why i spawned into this machine and not on the web server (maybe i’m in a VM).
The web server does not execute the code on its machine. there is a persistent ssh connection from the internal host to the web server, and the web server sends the commands you give it thru the ssh tunnel to this other host.
So your RCE is basically being funneled to another machine

got root…thanks for those who helped me a lot…pm for hints…

Why jrgdiaz is resetting the system???

I am stuck with the reverse shell on the website, if anyone can give me a hint, that would be great.

Hi,
the string i got from the MIB doesnt seem to work on login page.
Tried all of the combinations i could think of. A hint please ?

cool. got user with RCE. now to move onto root. PM me if you need hints with user… but yeah RCE is all you need, then you just need to “locate” the file :+1:

I have a shell, got user.txt , I’m ‘root’ , I’m pretty far, but stuck at privesc. I’ve read that it’s a must to have knowledge about CCNA routing/switching, Maybe someone would like to teach me a bit :slight_smile:

How did you guys enum S***. I’m using S***-C***** and the results i am getting are blank. I am using the public s**** on the correct port? Any help?

Guys the root is brain F**K and i don’t now why the review is so low. The difficulty is 10/10…You have to have CCNP to solve it. Even if you have CCNA you will not find the answer. Please be more objective when review a machine

Finally obtained root flag. Awesome Machine. I am just a month old in HTB and this was the hardest machine for me. Really learnt a lot. Special thanks to @tobor and @Tract0r for helping out.Pm for hints if needed.

Oh boiiiiiiiiiiiiiiiiiii!

Got root. Such an asymmetric box… got user in about 20 mins (half of that waiting for the nmap scan). Took a couple of tries to get root. Let’s just say that you need to brush up on networking. There was an earlier comment saying you need your CCNP, I’d say it’s not that extreme if you’ve hung around corporates for a bit and have been on the technical side, but if you haven’t had any network exposure I’d suggest reading up on different forms of network abuse. Hark back to your uni days and think on the OSI model, look at the tickets on the dashboard, and you should start to piece things together.
Happy to give out oblique and barely understandable hints via PM…

Super fun box though, the dopamine hit is noice!