Carrier

give this a google

BGP Prefix Hijack Attacks - ColoState

finally rooted, thanks to some help from @marine

I am stuck, I have RCE with burp but can’t with the shell… it doesn’t work =(

I’m pretty sure I’m doing the routing protocol attack correctly, but I’m not seeing any file sharing protocol traffic unless I initiate it. I assume I’m not supposed to brute force the file sharing protocol, but I’m not sure what I’m doing wrong- the file sharing protocol appears to allow anonymous access, but using it doesn’t list any files (so I assume I need credentials). Am I on the right track, at least?

edit:
I figured out what I’m doing wrong. I’m not configuring forwarding correctly, so packets are getting lost- hence no traffic.

Already login to web page, poke around and found diagnostic page, any body can give me hint to reverse Shell or RCE to get user? I am stuck :smiley:

ok I am in the last stage of rooting the box , I am seing the cnx coming in but I dont have the time to type anything beofre the cnx is exiting , it is in fact exiting immediately before I can type anything …

Any idea why someone ?

thanks

@jreeves said:
so whats with secretdata.txt ?

has anyone come to understand what this is about?

Great box! I’ve learned a lot, although it was a bit tough as to get the root flag everybody needs to do some testing and it is inevitable to interfere with each other.

Spoiler Removed - egre55

I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

tried the *walk too. The problem is i always get an unknows object identifier error which should not be. I already reinstalled the s**p packet. Nothing helps

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

@xeto said:

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

hah, glad it worked out.

Finally got root! secretdata.txt was a fun bonus.

@opt1kz said:
I just started poking at it, so I’m still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

Stuck

Can anyone give me an hint (DM) on privesc on this machine? Thank you.

I found the african animal and his companion but I am not sure what to do with them.

i found something via s**p enum …how to find the username for website login

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

Got user and RCE. After reading all the “horror” stories for getting root on this box, not going to try unless someone wants to hold my hand :pensive:

Overall fun box and I’d say has some real world application to it.

@avoidy said:

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

i guessed the most probable ones…but no luck…please inbox me

I got into the web interface but i’m currently stuck on what to do next. I tried to use b*** S**** on the diag page but can’t figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.