Carrier

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

Got user and RCE. After reading all the “horror” stories for getting root on this box, not going to try unless someone wants to hold my hand :pensive:

Overall fun box and I’d say has some real world application to it.

@avoidy said:

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

i guessed the most probable ones…but no luck…please inbox me

I got into the web interface but i’m currently stuck on what to do next. I tried to use b*** S**** on the diag page but can’t figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.

@trickb0t said:
I got into the web interface but i’m currently stuck on what to do next. I tried to use b*** S**** on the diag page but can’t figure out how to spawn a reverse shell or where to go from here. Any help would be appreciated.

I can help you get a user flag from here, but I haven’t gone any further with this box due to all the nighmares about root :stuck_out_tongue:

@abishek said:

@avoidy said:

@abishek said:
i found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

i guessed the most probable ones…but no luck…please inbox me

If you did, then you probably have the wrong password. Did you get information needed from SNMP? If not, do that.

@abishek said:
i found something via s**p enum …how to find the username for website login

I’m not sure why people are having such a hard time with the username. For educational stuff, it’s basically in the doc :wink: Did you find anything, like even a PDF? If so, you answer lies there–if still stuck, just do a google search on that “code”.

Second, what is one the the most absolute common logins for admin panels? I can’t make it any easier for you from here :wink:

Priv esc is killing me…

Woohoo privesc progress… thanks to reviewing the info I already have, plus some more enumeration, plus some trivial binary arithmetic.

Edit: squeeeeeee! I got root! Holy cow that was a lot of learning. It’s going to take me a couple of hours to complete my writeup on this one, and I’ll be adding to my personal list of useful tools and tips in about 3 different sections. This box was definitely worth trying harder on.

Any hints to get root.txt? I do not understand this router :anguished:

Wow, what a box! After two days of investigation and some hints I was able to figure what was needed. 2 days of continuous learning. As always the needed hints are in this forum.

Got root thanks a lot to @breakingthings, very nice mate!!

is someone avaliable to PM me about privesc??? i have tried several times B** h******* with no success.

Could I get some help regarding B** P***** h*****ing, please. I read the “ColoState” page to get an idea about the process, but I am not sure how I can apply it. Cheers!

Login Bypassed

move to user :slight_smile:

@AzAxIaL said:
Could I get some help regarding B** P***** h*****ing, please. I read the “ColoState” page to get an idea about the process, but I am not sure how I can apply it. Cheers!

Try to find out which configuration decides what you announce and play with it. Also use some tools to watch the traffic going around, to get a better understanding of sent packages.

Spoiler Removed - egre55

@Leakme said:
the doc.

Pay close attention to the doc. You have enough information to log in.

For priv esc, I’m able to t*pd**p after making certain modifications, and I’m able to see requests. What exactly are we looking for?