Carrier

@jreeves said:
so whats with secretdata.txt ?

has anyone come to understand what this is about?

Great box! I’ve learned a lot, although it was a bit tough as to get the root flag everybody needs to do some testing and it is inevitable to interfere with each other.

Spoiler Removed - egre55

I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

tried the *walk too. The problem is i always get an unknows object identifier error which should not be. I already reinstalled the s**p packet. Nothing helps

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

@xeto said:

@noahcain said:

@xeto said:
I dont get it… port 1*1 gives me 0 response. Tried different s**p tools to communicate with it… always errors or no responses Any hint? I tried hours to get anything out of it…

I had the best luck taking it for a walk.

Forget everything what i said lel … Now its working :slight_smile: Thanks man. Without your response i wouldnt have tried it again with a walk

hah, glad it worked out.

Finally got root! secretdata.txt was a fun bonus.

@opt1kz said:
I just started poking at it, so I’m still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

Stuck

Can anyone give me an hint (DM) on privesc on this machine? Thank you.

I found the african animal and his companion but I am not sure what to do with them.

i found something via s**p enum …how to find the username for website login

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

Got user and RCE. After reading all the “horror” stories for getting root on this box, not going to try unless someone wants to hold my hand :pensive:

Overall fun box and I’d say has some real world application to it.

@avoidy said:

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

i guessed the most probable ones…but no luck…please inbox me

I got into the web interface but i’m currently stuck on what to do next. I tried to use b*** S**** on the diag page but can’t figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.

@trickb0t said:
I got into the web interface but i’m currently stuck on what to do next. I tried to use b*** S**** on the diag page but can’t figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.

I can help you get a user flag from here, but I haven’t gone any further with this box due to all the nighmares about root :stuck_out_tongue:

@abishek said:

@avoidy said:

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

i guessed the most probable ones…but no luck…please inbox me

If you did, then you probably have the wrong password. Did you get information needed from SNMP? If not, do that.

@abishek said:
i found something via s**p enum …how to find the username for website login

I’m not sure why people are having such a hard time with the username. For educational stuff, it’s basically in the doc :wink: Did you find anything, like even a PDF? If so, you answer lies there–if still stuck, just do a google search on that “code”.

Second, what is one the the most absolute common logins for admin panels? I can’t make it any easier for you from here :wink:

Priv esc is killing me…

Woohoo privesc progress… thanks to reviewing the info I already have, plus some more enumeration, plus some trivial binary arithmetic.

Edit: squeeeeeee! I got root! Holy cow that was a lot of learning. It’s going to take me a couple of hours to complete my writeup on this one, and I’ll be adding to my personal list of useful tools and tips in about 3 different sections. This box was definitely worth trying harder on.

Any hints to get root.txt? I do not understand this router :anguished: