Hey,
I’m inside the website but stuck with getting shell or anything…
Can someone PM me or help me here with some hints?
Thanks…
Well, after 2 days I finally got user and a good understanding of the routing structure in the environment, but if I’m being honest I don’t think that I can figure out root. I know pretty much what I need to do, reroute B** to send packets meant to go to F** server through “my” router, but I’m lacking the technical skill to do that. It’s a great box and taught me a lot, but I’ll probably put it on the “Read a writeup” once it’s retired category!
I’m utterly stuck on this machine. Got RCE yesterday but have been stuck on privesc for 10+ hours now. I know I need to disguise myself as what the VIP wants (I have the IP), but I’m not sure how to do it with the b*pd config and its related software. Well, I am pretty sure but I’m just missing something. I’ve tried all kinds of different variants and monitored the packets, nothing seems to work. Can someone help me?
Should my S**P enum be coming back empty?..
give this a google
BGP Prefix Hijack Attacks - ColoState
I am stuck, I have RCE with burp but can’t with the shell… it doesn’t work =(
I’m pretty sure I’m doing the routing protocol attack correctly, but I’m not seeing any file sharing protocol traffic unless I initiate it. I assume I’m not supposed to brute force the file sharing protocol, but I’m not sure what I’m doing wrong. The file sharing protocol appears to allow anonymous access, but using it doesn’t list any files (so I assume I need credentials). Am I on the right track, at least?
edit:
I figured out what I’m doing wrong. I’m not configuring forwarding correctly, so packets are getting lost, hence no traffic.
Already logged in to the web page, poked around and found the diagnostic page. Can anybody give me a hint for a reverse shell or RCE to get user? I am stuck.
OK, I am in the last stage of rooting the box. I am seeing the cnx coming in but I don’t have the time to type anything before the cnx is exiting; it is in fact exiting immediately before I can type anything…
Any idea why, someone?
Thanks
Great box! I’ve learned a lot, although it was a bit tough, as to get the root flag everybody needs to do some testing and it is inevitable to interfere with each other.
Spoiler Removed - egre55
I don’t get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses. Any hint? I tried for hours to get anything out of it…
@xeto said:
I don’t get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses. Any hint? I tried for hours to get anything out of it…
I had the best luck taking it for a walk.
@noahcain said:
@xeto said:
I don’t get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses. Any hint? I tried for hours to get anything out of it…
I had the best luck taking it for a walk.
Tried the *walk too. The problem is I always get an unknown object identifier error, which should not be. I already reinstalled the s**p packet. Nothing helps.
@noahcain said:
@xeto said:
I don’t get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses. Any hint? I tried for hours to get anything out of it…
I had the best luck taking it for a walk.
Forget everything I said lel… Now it’s working. Thanks man. Without your response I wouldn’t have tried it again with a walk.
@xeto said:
@noahcain said:
@xeto said:
I don’t get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses. Any hint? I tried for hours to get anything out of it…
I had the best luck taking it for a walk.
Forget everything I said lel… Now it’s working. Thanks man. Without your response I wouldn’t have tried it again with a walk.
Hah, glad it worked out.
Finally got root! secretdata.txt was a fun bonus.
@opt1kz said:
I just started poking at it, so I’m still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.
Stuck
Can anyone give me a hint (DM) on privesc on this machine? Thank you.
I found the african animal and his companion but I am not sure what to do with them.
I found something via s**p enum… how do I find the username for the website login?