Carrier

Could I get some help regarding B** P***** h*****ing, please. I read the “ColoState” page to get an idea about the process, but I am not sure how I can apply it. Cheers!

Login Bypassed

move to user :slight_smile:

@AzAxIaL said:
Could I get some help regarding B** P***** h*****ing, please. I read the “ColoState” page to get an idea about the process, but I am not sure how I can apply it. Cheers!

Try to find out which configuration decides what you announce and play with it. Also use some tools to watch the traffic going around, to get a better understanding of sent packages.

Spoiler Removed - egre55

@Leakme said:
the doc.

Pay close attention to the doc. You have enough information to log in.

For priv esc, I’m able to t*pd**p after making certain modifications, and I’m able to see requests. What exactly are we looking for?

Hi guys,
I did the login, now I am in the web app, I inspected the code and found “check=” parameter and now I’m blocked. Some hint?

help please. Logged in into the front end but dir checker didn’t help me :confounded:

ok, solved user flag. easy peasy :yum:

@sherl said:
ok, solved user flag. easy peasy :yum:

can you give me a hint? stuck after the login, tried to use the url to get a shell but no idea what to do

I found the c***k parameter and used the right encoding but I am still not getting any output or a reverse shell. Can someone PM me?

Guys if someone is willing to help, can you PM me.

I believe i’m getting very close to the final part and believe I have the concept in mind, but just can’t seem to put it into action.

for details: I already hijacked the B** Ro*** with Q*****.

@mabunemeh said:
Guys if someone is willing to help, can you PM me.

I believe i’m getting very close to the final part and believe I have the concept in mind, but just can’t seem to put it into action.

for details: I already hijacked the B** Ro*** with Q*****.

I’m in the same position!
If someone could please discuss via PM, i’d be extremely grateful :smiley:

Is it supposed to take a while after we’ve made the necessary change for continuing priv esc? I think I’ve done what I’m supposed to, but I’m not receiving traffic and it looks like the network is propagating through the wrong interface

Priv esc was an absolute brain**** but rooted thanks to help from @ZaphodBB and @Rantrel

Is anyone available to share a bit of guidance with privexec on this host. Unfortunately, my skill set in the needed area is a bit lacking and would I like to get a better grasp. I’ve read the documentation and understand the concept but I’m a bit lost on the actual implementation. Any feedback would be sincerely appreciated.

Can someone send me a hint regarding RCE? I have been poking the c******h parameter with little success, I can get it to modify its ‘normal’ purpose, to give a bit more, but can’t get RCE as a whole.

Spoiler Removed - egre55

stuck on getting initial foothold. Found some interesting files and ports, but I’m not getting anything when trying to connect/interact with them. does anyone have some references that would be helpful?

Edit: nvm my syntax was off. If you are stuck where I was check out ippsec’s video on Sneaky