Carrier

Was able to get the user.txt and I don’t know what to do next. Definitely need help for getting root. TIA

Yeah, I got user without an issue.

I’ve been playing around with the router service, changed the conf, and can telnet to the device but not sure where to go from here. I’m familiar with the routing protocols in use (at a Network+ level) but I’m pretty much stuck. Can I PM someone for some assistance? Thanks!

hello,
pleaaaaase PM, i’m stuck in the webapp, i dont know what i’m looking for ;')
please give me a hint.

Hey can anyone give a hint for RCE? I know it has something to do with c**k parameter but can’t figure out how to use it (checked Testing for Command Injection (OTG-INPVAL-013) - OWASP ) but just can’t seem to figure out how…
Edit: Got user, thanks @AverageJuan for the hint

@MrR3boot said:

@opt1kz said:
I just started poking at it, so I’m still enumerating and working on user. Is the serial number thing a dead end? Edit: It is not a dead end. Just had to enumerate more.

Stuck at this point.

Edit: Got it

Hey I am stuck at this point too, can you PM me a hint?

Hey would anyone be willing to PM a hint with priv sec. I understand I have to do use B** h*ing using q (I believe using vt**h) but I have no idea what to do…

Wow, finally was able to get the root flag. If you’re not well versed in networking, this will be a very challenging priv esc. There were a bunch of times that I wanted to give up because I wasn’t sure why things weren’t working – turns out, I just needed to try harder.

I’m very close on this one. Redirection complete, I have interesting traffic coming to me and I’m able to capture it, but I’m only seeing the first part of the 3 way thing - any hints?

After hours pulling my hair out, using nmap scripts, metasploit modules and every variation of the output of the port as a password - it came to me…find a tool you haven’t used before! hey presto I’m in and off and running. Amazing what a walk to clear the head can do :wink:

hi, i obtained the user flag quite quickly, but i cannot get the reverse shell.
i can the reverse connection, but it keeps dropping. on the other hand the nc version used does not allow me to use the -e or -c switch…
any help here?

or maybe i don’t have to get reverse shell to take care of mentioned african animal?

This was one of the most interesting boxes I’ve come across, the networking portion of this box was just excellent.

Go have a look there @Everlastdg , it may help for reverse shell (and maybe for other things not related to this box).
http://pentestmonkey.net/category/cheat-sheet
Who knows … maybe something will work …

Rooted … good box. Well thought out. Probably takes a lot of people out of their comfort zone.

Hello someone have a hint after the login to the admin web page ? . I want to get user access on the machine but the password is not the same when I try ssh connection . Help me please , i’m stuck for hours ^^

@sekeita

@GreysMatter said:
@sekeita

There is one page that stands out from the others … perhaps burp would show something interesting

Spoiler Removed - egre55

.

Having trouble with the initial user flag. Found 1*1 and what should be the webapp username, but I don’t know where to go from here. PM please?

Anyone available for some tips about RCE? I know I’m looking at the right thing, but I think I need to learn a bit more about different ways to execute it… Thanks!