Carrier

@sherl said:
ok, solved user flag. easy peasy :yum:

can you give me a hint? stuck after the login, tried to use the url to get a shell but no idea what to do

I found the c***k parameter and used the right encoding but I am still not getting any output or a reverse shell. Can someone PM me?

Guys if someone is willing to help, can you PM me.

I believe i’m getting very close to the final part and believe I have the concept in mind, but just can’t seem to put it into action.

for details: I already hijacked the B** Ro*** with Q*****.

@mabunemeh said:
Guys if someone is willing to help, can you PM me.

I believe i’m getting very close to the final part and believe I have the concept in mind, but just can’t seem to put it into action.

for details: I already hijacked the B** Ro*** with Q*****.

I’m in the same position!
If someone could please discuss via PM, i’d be extremely grateful :smiley:

Is it supposed to take a while after we’ve made the necessary change for continuing priv esc? I think I’ve done what I’m supposed to, but I’m not receiving traffic and it looks like the network is propagating through the wrong interface

Priv esc was an absolute brain**** but rooted thanks to help from @ZaphodBB and @Rantrel

Is anyone available to share a bit of guidance with privexec on this host. Unfortunately, my skill set in the needed area is a bit lacking and would I like to get a better grasp. I’ve read the documentation and understand the concept but I’m a bit lost on the actual implementation. Any feedback would be sincerely appreciated.

Can someone send me a hint regarding RCE? I have been poking the c******h parameter with little success, I can get it to modify its ‘normal’ purpose, to give a bit more, but can’t get RCE as a whole.

Spoiler Removed - egre55

stuck on getting initial foothold. Found some interesting files and ports, but I’m not getting anything when trying to connect/interact with them. does anyone have some references that would be helpful?

Edit: nvm my syntax was off. If you are stuck where I was check out ippsec’s video on Sneaky

so far I have gotten user.txt and its a really fun box. I am trying to get root here, and the learning curve is high, but its very fun.

Hello everyone, i understand i need to use a bgp hijacking technique cause quagga service is running and tcpdump to intercept traffic passing through the router but i don’t know how to do it. May someone help me ?

Hi currently stuck on how to manipulate the check parameter

EDIT

I just learned by myself how to do it. I’m proud of myself hahahaha

Was able to get the user.txt and I don’t know what to do next. Definitely need help for getting root. TIA

Yeah, I got user without an issue.

I’ve been playing around with the router service, changed the conf, and can telnet to the device but not sure where to go from here. I’m familiar with the routing protocols in use (at a Network+ level) but I’m pretty much stuck. Can I PM someone for some assistance? Thanks!

hello,
pleaaaaase PM, i’m stuck in the webapp, i dont know what i’m looking for ;')
please give me a hint.

Hey can anyone give a hint for RCE? I know it has something to do with c**k parameter but can’t figure out how to use it (checked Testing for Command Injection (OTG-INPVAL-013) - OWASP ) but just can’t seem to figure out how…
Edit: Got user, thanks @AverageJuan for the hint

@MrR3boot said:

@opt1kz said:
I just started poking at it, so I’m still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

Stuck at this point.

Edit: Got it

Hey I am stuck at this point too, can you PM me a hint?

Hey would anyone be willing to PM a hint with priv sec. I understand I have to do use B** h*ing using q (I believe using vt**h) but I have no idea what to do…

Wow, finally was able to get the root flag. If you’re not well versed in networking, this will be a very challenging priv esc. There were a bunch of times that I wanted to give up because I wasn’t sure why things weren’t working – turns out, I just needed to try harder.