Carrier

@abishek said:

@avoidy said:

@abishek said:
I found something via s**p enum …how to find the username for website login

What are some common usernames for web interfaces?

I guessed the most probable ones…but no luck…please inbox me

If you did, then you probably have the wrong password. Did you get information needed from SNMP? If not, do that.

@abishek said:
I found something via s**p enum …how to find the username for website login

I’m not sure why people are having such a hard time with the username. For educational stuff, it’s basically in the doc :wink: Did you find anything, like even a PDF? If so, your answer lies there. If still stuck, just do a Google search on that “code”.

Second, what is one of the absolute most common logins for admin panels? I can’t make it any easier for you from here :wink:

Priv esc is killing me…

Woohoo privesc progress… thanks to reviewing the info I already have, plus some more enumeration, plus some trivial binary arithmetic.

Edit: squeeeeeee! I got root! Holy cow that was a lot of learning. It’s going to take me a couple of hours to complete my writeup on this one, and I’ll be adding to my personal list of useful tools and tips in about 3 different sections. This box was definitely worth trying harder on.

Any hints to get root.txt? I do not understand this router :anguished:

Wow, what a box! After two days of investigation and some hints I was able to figure what was needed. 2 days of continuous learning. As always the needed hints are in this forum.

Got root thanks a lot to @breakingthings, very nice mate!!

Is someone available to PM me about privesc??? I have tried B** h******* several times with no success.

Could I get some help regarding B** P***** h*****ing, please. I read the “ColoState” page to get an idea about the process, but I am not sure how I can apply it. Cheers!

Login Bypassed

move to user :slight_smile:

@AzAxIaL said:
Could I get some help regarding B** P***** h*****ing, please. I read the “ColoState” page to get an idea about the process, but I am not sure how I can apply it. Cheers!

Try to find out which configuration decides what you announce and play with it. Also use some tools to watch the traffic going around, to get a better understanding of sent packages.

Spoiler Removed - egre55

@Leakme said:
the doc.

Pay close attention to the doc. You have enough information to log in.

For priv esc, I’m able to t*pd**p after making certain modifications, and I’m able to see requests. What exactly are we looking for?

Hi guys,
I did the login, now I am in the web app, I inspected the code and found the “check=” parameter and now I’m blocked. Some hint?

Help please. Logged into the front end but dir checker didn’t help me :confounded:

ok, solved user flag. easy peasy :yum:

@sherl said:
ok, solved user flag. easy peasy :yum:

Can you give me a hint? Stuck after the login, tried to use the URL to get a shell but no idea what to do

I found the c***k parameter and used the right encoding but I am still not getting any output or a reverse shell. Can someone PM me?