Carrier

Hey,
I’m inside the website but stuck with getting shell or anything…
Can someone PM me or help me here with some hints?
Thanks…

Well after 2 days i finally got user and a good understanding of the routing structure in the environment, but if i’m being honest i don’t think that i can figure out root. I know pretty much what i need to do, reroute B** to send packets meant to go to F** server through “my” router, but im lacking the technical skill to do that. Its a great box and taught me a lot, but ill probably put it on the “Read a writeup” once its retired category!

I’m utterly stuck on this machine. Got RCE yesterday but have been stuck on privesc for 10+ hours now. I know I need to disguise myself as what the VIP wants (I have the IP), but I’m not sure how to do it with the b*pd config and it’s related software. Well, I am pretty sure but I’m just missing something. I’ve tried all kinds of different variants and monitored the packets, nothing seems to work. Can someone help me?

Should my S**P enum be coming back empty?..

give this a google

BGP Prefix Hijack Attacks - ColoState

finally rooted, thanks to some help from @marine

I am stuck, I have RCE with burp but can’t with the shell… it doesn’t work =(

I’m pretty sure I’m doing the routing protocol attack correctly, but I’m not seeing any file sharing protocol traffic unless I initiate it. I assume I’m not supposed to brute force the file sharing protocol, but I’m not sure what I’m doing wrong- the file sharing protocol appears to allow anonymous access, but using it doesn’t list any files (so I assume I need credentials). Am I on the right track, at least?

edit:
I figured out what I’m doing wrong. I’m not configuring forwarding correctly, so packets are getting lost- hence no traffic.

Already login to web page, poke around and found diagnostic page, any body can give me hint to reverse Shell or RCE to get user? I am stuck :smiley:

ok I am in the last stage of rooting the box , I am seing the cnx coming in but I dont have the time to type anything beofre the cnx is exiting , it is in fact exiting immediately before I can type anything …

Any idea why someone ?

thanks

@jreeves said:
so whats with secretdata.txt ?

has anyone come to understand what this is about?

Great box! I’ve learned a lot, although it was a bit tough as to get the root flag everybody needs to do some testing and it is inevitable to interfere with each other.

Spoiler Removed - egre55

I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

tried the *walk too. The problem is i always get an unknows object identifier error which should not be. I already reinstalled the s**p packet. Nothing helps

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

@xeto said:

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

hah, glad it worked out.

Finally got root! secretdata.txt was a fun bonus.

@opt1kz said:
I just started poking at it, so I’m still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

Stuck

Can anyone give me an hint (DM) on privesc on this machine? Thank you.

I found the african animal and his companion but I am not sure what to do with them.

i found something via s**p enum …how to find the username for website login