Carrier

Comments

  • edited October 2018

    is the box down?

  • Finally, I got root. It was not easy. Thanks to @roastymaus, @The5thDomain and @marine for helping me out. I am not sure whether this would be considered a spoiler, but for priv esc you can search for "b** q****a attack" and click on the first link on Google. That should give you a start.

  • FINALLY!!!! Get both missing txt :-)) Thanks a lot to @5N1P3R and @jreeves :-)

  • Hi,
    I got a basic nc shell via the admin panel but it's very limited, and I've been trying to upgrade to a more complete one but to no avail.
    Am I wasting my time or should I continue on that path?

  • The guy that is canceling all my resets stop please. The machine is broken

  • @novak said:
    Hey Guys,

    Got RCE but I'm stuck at shell. Tried a bunch of things with ch**k variable (e.g. nc), no luck.

    Can someone give me a hint in private or is available to discuss the machine?

    Thanks,

    Same stage as you - did you have any luck? PM me if you want to avoid giving spoilers

  • edited October 2018

    Can someone PM about root? I know what I have to do and I have set up the scenario locally using docker and have successfully achieved what I believe I need to do. However, I'm struggling to figure out how to apply this to the actual machine.

  • I got the user flag but I have no idea what to do about privesc. I'm trying to piece together the clues from the site and this thread but I haven't messed with networking since I took some Cisco networking classes years ago. Can anyone provide me a good link to things I should know for this box?

  • edited November 2018

    @shaboti said:
    Logged in and now playing with diag, it was returning some output, now it is not returning anything (even with the default encoded q..ga param).

    any idea, what could be the problem?
    Thanks

    EDIT: It works again !

    I could sure use a hint on this? I've tried substituting (encoded) everything I can think of in this place, but not able to get past it.

    EDIT: Well.... I got a "root" shell, but not really....

    Shadow6

  • edited November 2018

    Anyone to help me on priv esc? Stuck after getting user... figured out inside services running but am lost .... Thanks

  • Hey,
    I'm inside the website but stuck with getting shell or anything...
    Can someone PM me or help me here with some hints?
    Thanks...

  • Well, after 2 days I finally got user and a good understanding of the routing structure in the environment, but if I'm being honest I don't think that I can figure out root. I know pretty much what I need to do, reroute B** to send packets meant to go to F** server through "my" router, but I'm lacking the technical skill to do that. It's a great box and taught me a lot, but I'll probably put it on the "Read a writeup" once it's retired category!

    Kwicster

  • edited November 2018

    I’m utterly stuck on this machine. Got RCE yesterday but have been stuck on privesc for 10+ hours now. I know I need to disguise myself as what the VIP wants (I have the IP), but I’m not sure how to do it with the b*pd config and its related software. Well, I am pretty sure but I’m just missing something. I’ve tried all kinds of different variants and monitored the packets, nothing seems to work. Can someone help me?

  • Should my S**P enum be coming back empty?.....

  • give this a google

    BGP Prefix Hijack Attacks - ColoState

  • finally rooted, thanks to some help from @marine

  • I am stuck, I have RCE with burp but can't with the shell... it doesn't work =(

  • edited November 2018

    I'm pretty sure I'm doing the routing protocol attack correctly, but I'm not seeing any file sharing protocol traffic unless I initiate it. I assume I'm not supposed to brute force the file sharing protocol, but I'm not sure what I'm doing wrong- the file sharing protocol appears to allow anonymous access, but using it doesn't list any files (so I assume I need credentials). Am I on the right track, at least?

    edit:
    I figured out what I'm doing wrong. I'm not configuring forwarding correctly, so packets are getting lost- hence no traffic.

    noahcain

  • Already logged in to the web page, poked around and found the diagnostic page. Can anybody give me a hint for a reverse shell or RCE to get user? I am stuck :D

    banteng999

  • OK, I am in the last stage of rooting the box. I am seeing the cnx coming in but I don't have the time to type anything before the cnx is exiting, it is in fact exiting immediately before I can type anything ...........

    Any idea why, someone?

    thanks

  • @jreeves said:
    so what's with secretdata.txt?

    has anyone come to understand what this is about?

  • edited November 2018

    Great box! I've learned a lot, although it was a bit tough as to get the root flag everybody needs to do some testing and it is inevitable to interfere with each other.

    Spoiler Removed - egre55


  • edited November 2018

    I don't get it.. port 1*1 gives me 0 response. Tried different s**p tools to communicate with it.. always errors or no responses. Any hint? I tried hours to get anything out of it....

    xeto

  • @xeto said:
    I don't get it.. port 1*1 gives me 0 response. Tried different s**p tools to communicate with it.. always errors or no responses. Any hint? I tried hours to get anything out of it....

    I had the best luck taking it for a walk.

    noahcain

  • @noahcain said:

    @xeto said:
    I don't get it.. port 1*1 gives me 0 response. Tried different s**p tools to communicate with it.. always errors or no responses. Any hint? I tried hours to get anything out of it....

    I had the best luck taking it for a walk.

    Tried the *walk too. The problem is I always get an unknown object identifier error which should not be. I already reinstalled the s**p packet. Nothing helps.

    xeto

  • @noahcain said:

    @xeto said:
    I don't get it.. port 1*1 gives me 0 response. Tried different s**p tools to communicate with it.. always errors or no responses. Any hint? I tried hours to get anything out of it....

    I had the best luck taking it for a walk.

    Forget everything I said lel ... Now it's working :) Thanks man. Without your response I wouldn't have tried it again with a walk

    xeto

  • edited November 2018

    @xeto said:

    @noahcain said:

    @xeto said:
    I don't get it.. port 1*1 gives me 0 response. Tried different s**p tools to communicate with it.. always errors or no responses. Any hint? I tried hours to get anything out of it....

    I had the best luck taking it for a walk.

    Forget everything I said lel ... Now it's working :) Thanks man. Without your response I wouldn't have tried it again with a walk

    hah, glad it worked out.

    Finally got root! secretdata.txt was a fun bonus.

    noahcain

  • @opt1kz said:
    I just started poking at it, so I'm still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

    Stuck

  • edited November 2018

    Can anyone give me a hint (DM) on privesc on this machine? Thank you.

    I found the african animal and his companion but I am not sure what to do with them.

  • I found something via s**p enum .. how to find the username for website login?
