Carrier

I got the user flag but I have no idea what to do about privesc. I’m trying to piece together the clues from the site and this thread but I haven’t messed with networking since I took some Cisco networking classes years ago. Can anyone provide me a good link to things I should know for this box?

@shaboti said:
Logged in and now playing with diag, it was returning some output, not it is not returning anything (even with the default encoded q…ga param.

any idea, what could be the problem?
Thanks

EDIT: It works again !

I could sure use a hint on this? I’ve tried substituting (encoded) everything I can think of in this place, but not able to get past it.

EDIT: Well… I got a “root” shell, but not really…

Any one to help me on priv esc ?stucked after getting user…figured out inside services running but am lost … Thanks

Hey,
I’m inside the website but stuck with getting shell or anything…
Can someone PM me or help me here with some hints?
Thanks…

Well after 2 days i finally got user and a good understanding of the routing structure in the environment, but if i’m being honest i don’t think that i can figure out root. I know pretty much what i need to do, reroute B** to send packets meant to go to F** server through “my” router, but im lacking the technical skill to do that. Its a great box and taught me a lot, but ill probably put it on the “Read a writeup” once its retired category!

I’m utterly stuck on this machine. Got RCE yesterday but have been stuck on privesc for 10+ hours now. I know I need to disguise myself as what the VIP wants (I have the IP), but I’m not sure how to do it with the b*pd config and it’s related software. Well, I am pretty sure but I’m just missing something. I’ve tried all kinds of different variants and monitored the packets, nothing seems to work. Can someone help me?

Should my S**P enum be coming back empty?..

give this a google

BGP Prefix Hijack Attacks - ColoState

finally rooted, thanks to some help from @marine

I am stuck, I have RCE with burp but can’t with the shell… it doesn’t work =(

I’m pretty sure I’m doing the routing protocol attack correctly, but I’m not seeing any file sharing protocol traffic unless I initiate it. I assume I’m not supposed to brute force the file sharing protocol, but I’m not sure what I’m doing wrong- the file sharing protocol appears to allow anonymous access, but using it doesn’t list any files (so I assume I need credentials). Am I on the right track, at least?

edit:
I figured out what I’m doing wrong. I’m not configuring forwarding correctly, so packets are getting lost- hence no traffic.

Already login to web page, poke around and found diagnostic page, any body can give me hint to reverse Shell or RCE to get user? I am stuck :smiley:

ok I am in the last stage of rooting the box , I am seing the cnx coming in but I dont have the time to type anything beofre the cnx is exiting , it is in fact exiting immediately before I can type anything …

Any idea why someone ?

thanks

@jreeves said:
so whats with secretdata.txt ?

has anyone come to understand what this is about?

Great box! I’ve learned a lot, although it was a bit tough as to get the root flag everybody needs to do some testing and it is inevitable to interfere with each other.

Spoiler Removed - egre55

I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

tried the *walk too. The problem is i always get an unknows object identifier error which should not be. I already reinstalled the s**p packet. Nothing helps

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

@xeto said:

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

hah, glad it worked out.

Finally got root! secretdata.txt was a fun bonus.