Carrier

Already login to web page, poke around and found diagnostic page, any body can give me hint to reverse Shell or RCE to get user? I am stuck :smiley:

ok I am in the last stage of rooting the box , I am seing the cnx coming in but I dont have the time to type anything beofre the cnx is exiting , it is in fact exiting immediately before I can type anything …

Any idea why someone ?

thanks

@jreeves said:
so whats with secretdata.txt ?

has anyone come to understand what this is about?

Great box! I’ve learned a lot, although it was a bit tough as to get the root flag everybody needs to do some testing and it is inevitable to interfere with each other.

Spoiler Removed - egre55

I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

tried the *walk too. The problem is i always get an unknows object identifier error which should not be. I already reinstalled the s**p packet. Nothing helps

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

@xeto said:

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

hah, glad it worked out.

Finally got root! secretdata.txt was a fun bonus.

@opt1kz said:
I just started poking at it, so I’m still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

Stuck

Can anyone give me an hint (DM) on privesc on this machine? Thank you.

I found the african animal and his companion but I am not sure what to do with them.

i found something via s**p enum …how to find the username for website login

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

Got user and RCE. After reading all the “horror” stories for getting root on this box, not going to try unless someone wants to hold my hand :pensive:

Overall fun box and I’d say has some real world application to it.

@avoidy said:

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

i guessed the most probable ones…but no luck…please inbox me

I got into the web interface but i’m currently stuck on what to do next. I tried to use b*** S**** on the diag page but can’t figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.

@trickb0t said:
I got into the web interface but i’m currently stuck on what to do next. I tried to use b*** S**** on the diag page but can’t figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.

I can help you get a user flag from here, but I haven’t gone any further with this box due to all the nighmares about root :stuck_out_tongue:

@abishek said:

@avoidy said:

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

i guessed the most probable ones…but no luck…please inbox me

If you did, then you probably have the wrong password. Did you get information needed from SNMP? If not, do that.

@abishek said:
i found something via s**p enum …how to find the username for website login

I’m not sure why people are having such a hard time with the username. For educational stuff, it’s basically in the doc :wink: Did you find anything, like even a PDF? If so, you answer lies there–if still stuck, just do a google search on that “code”.

Second, what is one the the most absolute common logins for admin panels? I can’t make it any easier for you from here :wink:

Priv esc is killing me…