Carrier

Is anyone available to share a bit of guidance with privexec on this host? Unfortunately, my skill set in the needed area is a bit lacking and I would like to get a better grasp. I’ve read the documentation and understand the concept but I’m a bit lost on the actual implementation. Any feedback would be sincerely appreciated.

Can someone send me a hint regarding RCE? I have been poking the c******h parameter with little success, I can get it to modify its ‘normal’ purpose, to give a bit more, but can’t get RCE as a whole.

Spoiler Removed - egre55

Stuck on getting initial foothold. Found some interesting files and ports, but I’m not getting anything when trying to connect/interact with them. Does anyone have some references that would be helpful?

Edit: nvm my syntax was off. If you are stuck where I was check out ippsec’s video on Sneaky

So far I have gotten user.txt and it’s a really fun box. I am trying to get root here, and the learning curve is high, but it’s very fun.

Hello everyone, I understand I need to use a BGP hijacking technique because the quagga service is running, and tcpdump to intercept traffic passing through the router, but I don’t know how to do it. Can someone help me?

Hi, currently stuck on how to manipulate the check parameter.

EDIT

I just learned by myself how to do it. I’m proud of myself hahahaha

Was able to get the user.txt and I don’t know what to do next. Definitely need help for getting root. TIA

Yeah, I got user without an issue.

I’ve been playing around with the router service, changed the conf, and can telnet to the device but not sure where to go from here. I’m familiar with the routing protocols in use (at a Network+ level) but I’m pretty much stuck. Can I PM someone for some assistance? Thanks!

Hello,
pleaaaaase PM, I’m stuck in the webapp, I don’t know what I’m looking for ;')
Please give me a hint.

Hey, can anyone give a hint for RCE? I know it has something to do with c**k parameter but can’t figure out how to use it (checked Testing for Command Injection (OTG-INPVAL-013) - OWASP) but just can’t seem to figure out how…
Edit: Got user, thanks @AverageJuan for the hint

@MrR3boot said:

@opt1kz said:
I just started poking at it, so I’m still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

Stuck at this point.

Edit: Got it

Hey I am stuck at this point too, can you PM me a hint?

Hey, would anyone be willing to PM a hint with priv esc? I understand I have to use B** h*ing using q (I believe using vt**h) but I have no idea what to do…

Wow, finally was able to get the root flag. If you’re not well versed in networking, this will be a very challenging priv esc. There were a bunch of times that I wanted to give up because I wasn’t sure why things weren’t working – turns out, I just needed to try harder.

I’m very close on this one. Redirection complete, I have interesting traffic coming to me and I’m able to capture it, but I’m only seeing the first part of the 3 way thing - any hints?

After hours pulling my hair out, using nmap scripts, metasploit modules and every variation of the output of the port as a password - it came to me…find a tool you haven’t used before! hey presto I’m in and off and running. Amazing what a walk to clear the head can do :wink:

Hi, I obtained the user flag quite quickly, but I cannot get the reverse shell.
I can get the reverse connection, but it keeps dropping. On the other hand, the nc version used does not allow me to use the -e or -c switch…
Any help here?

Or maybe I don’t have to get reverse shell to take care of mentioned African animal?

This was one of the most interesting boxes I’ve come across, the networking portion of this box was just excellent.

Go have a look there @Everlastdg, it may help for reverse shell (and maybe for other things not related to this box).
http://pentestmonkey.net/category/cheat-sheet
Who knows … maybe something will work …

Rooted … good box. Well thought out. Probably takes a lot of people out of their comfort zone.