Carrier

Comments

  • Once you get a shell, getting an interactive one will not be a problem

  • Need help with privesc. The changes I'm making are not giving me the traffic I'm looking for.

  • gm0gm0
    edited December 2018

    Done!

    So glad to have got this box rooted and off the to-do list.

    Thanks to @snowscan for a unique box.

    Thanks to all who helped, it was really appreciated!

  • Same here ... wow, this box definitely taught me a lot ...!!! Quick question though, does anyone know what secretdata.txt is for?

  • Wow! It was an amazing machine and it made me learn so much. Huge thanks to @jkr and @pikey301 for leading to the clue.

    kamilonurz

  • Can someone give me advice on RCE with this plz? I'm new to this sort of scenario. I understand it's to do with the V***** S***** on the D********** page but I'm unsure how to execute.

    tiger5tyle

  • @tiger5tyle said:
    Can someone give me advice on RCE with this plz? I'm new to this sort of scenario. I understand it's to do with the V***** S***** on the D********** page but I'm unsure how to execute.

    There is a button on the webpage that executes a query/command...
    Find out how to add your own cmd (using the same language spoken) and listen

  • I'm stuck as root on first shell.
    Network enumerated, playing with vt**h, dumping the packets with t*****p and analysing but cannot figure out an attack...

    I believe I am almost there but need a nudge to guide, anyone please?

  • It took me more time to get user than root. I think working as a net admin gave me an advantage.
    What I don't know now is what to do with 'secretdata'. I'm sure it has something to do with the prince. Any suggestions?

    epsequiel

  • edited December 2018

    any hint on RCE? except for parameter name and encoding...

    lokendra
    Message me with 1) Your problem description. 2) What you tried so far? 3) Conclusions.
    RESPECT++ IF I HELPED YOU.

  • Can someone PM me a hint for the RCE part? I've identified where to exploit it, I think I've traced out what's going on when the button is clicked, but every time I try to encode (and I've tried several different encodings) a command to be executed, I get no output.

    b1gbroth3r

  • @nergalwaja said:
    Can someone PM me a hint for the RCE part? I've identified where to exploit it, I think I've traced out what's going on when the button is clicked, but every time I try to encode (and I've tried several different encodings) a command to be executed, I get no output.

    Same here, couldn't get it to exec..

    lokendra
    Message me with 1) Your problem description. 2) What you tried so far? 3) Conclusions.
    RESPECT++ IF I HELPED YOU.

  • @nergalwaja said:
    Can someone PM me a hint for the RCE part? I've identified where to exploit it, I think I've traced out what's going on when the button is clicked, but every time I try to encode (and I've tried several different encodings) a command to be executed, I get no output.

    Same here, couldn't get it to exec..

    @nergalwaja said:
    Can someone PM me a hint for the RCE part? I've identified where to exploit it, I think I've traced out what's going on when the button is clicked, but every time I try to encode (and I've tried several different encodings) a command to be executed, I get no output.

    Try to append to what you have instead of giving it as a new command. That may work.

    sesha569

  • edited December 2018

    I am stuck after getting root shell. Not very well versed in networking.
    I've tried some tc****p and some t*****.
    Can someone give me a hint or PM me please?

  • @guihle said:
    I am stuck after getting root shell. Not very well versed in networking.
    I've tried some tc****p and some t*****.
    Can someone give me a hint or PM me please?

    me too.

    Fun times are bound to end. - Korosensei

  • If anyone would mind showing me how to get the shell. I know what I am meant to be doing, i.e. fiddling with the parameter using q**gga, but I don't know HOW to do it using Burp. Can anyone help a noob?

  • @EvilMonkee said:
    If anyone would mind showing me how to get the shell. I know what I am meant to be doing, i.e. fiddling with the parameter using q**gga, but I don't know HOW to do it using Burp. Can anyone help a noob?

    Append your command there and get the shell.
    If it's still not happening, PM me.

    sesha569

  • Thanks to @sesha569 for the help - knew what to do but just needed a shove over the edge. User obtained, now onto getting a more permanent shell. Thanks dude

  • Can someone help me with the priv escalation? I am pretty much a newbie in routing stuff. So stuck bd.cf edits or changes. I saw B** H***** blogs or videos. But not able to change and listen back or get the root. Can someone help with that? Thanks.

    sesha569

  • edited December 2018

    Can someone point me in the right direction? I can get s*** but not s** commands to redirect the V*P P*****S. I have reverse-shell access and I found the initial service needed to start t*****c changes.

    using l**t was frustrating to see what it revealed.

  • edited December 2018

    (1) It took 2 days to get user part.

    ASHacker

  • @sesha569 said:
    Can someone help me with the priv escalation? I am pretty much a newbie in routing stuff. So stuck bd.cf edits or changes. I saw B** H***** blogs or videos. But not able to change and listen back or get the root. Can someone help with that? Thanks.

    I'm in the same boat...

  • How the hell on earth to do priv escalation on this box ....... any hints guys ..... read everything about B** Hac****. Got vt*** shell ...... changed every possible flow but I have nothing in hand to look at :/ I have spent 5 days only on priv escalation .....

  • edited December 2018

    I am not able to understand how to append the command in the webapp to get a reverse shell.
    I got that I have to do something with c*****dh, but as the value is fixed at the server end I am not able to find anything.
    I am still new.
    A little help will be appreciated.

  • any help on RCE?

  • You need to use Burp to modify the command

  • I've been stuck at the privesc for 2 days. I checked the route table and some info on the tickets page. But still have no idea. Any help? Plz PM me..

  • For the privesc there are 2 major points: messages on the dashboard (extremely important) and an understanding of B** hij***.
    If you're stuck, try to answer these questions one by one.
    1. How many B** participants are there?
    2. What do they advertise (each of them)?
    3. Is there something interesting (see the messages mentioned above)?
    4. What is it?
    5. How could you get it in a "normal" network, in the same LAN for example?
    6. Obviously, we have a much more sophisticated case, so what will we do to reach our goal and how can B** help us?
    Have you thoroughly investigated all the links on B** in this thread? They have detailed instructions for similar cases.

  • edited December 2018

    I think one of the biggest challenges with this box is actually understanding what you need to do and having a game plan. This is one you can't just bash out with google without understanding what you are doing.

    I've had people reach out to me with some very strange ideas based on tips they've received but actually have no understanding of what it is they are doing. This machine really needs you to understand the basic concepts that you can build up on to things you may not know.

    A game plan will help you build a high level plan on what you are trying to accomplish, the steps you will go through and then work out what you need to learn to bridge the gap of your current skill set to make that game plan achievable.

    Hack The Box
