Carrier

Comments

  • Once you get a shell, getting an interactive one will not be a problem

  • Need help with privesc. The changes I'm making are not giving me the traffic I'm looking for.

  • gm0gm0
    edited December 2018

    Done!

    So glad to have got this box rooted and off the to-do list.

    Thanks to @snowscan for a unique box.

    Thanks to all who helped, it was really appreciated!

  • Same here ... wow this box definitely taught me a lot ...!!! Quick question though, does anyone know what secretdata.txt is for?

  • Wow! It was an amazing machine and it made me learn so much. Huge thanks to @jkr and @pikey301 for leading to clue.

    kamilonurz

  • Can someone give me advice on RCE with this plz? I'm new to this sort of scenario. I understand it's to do with the V***** S***** on the D********** page but I'm unsure how to execute.

    tiger5tyle

  • @tiger5tyle said:
    Can someone give me advice on RCE with this plz? I'm new to this sort of scenario. I understand it's to do with the V***** S***** on the D********** page but I'm unsure how to execute.

    There is a button on the webpage that executes a query/command...
    Find out how to add your own cmd (using the same language spoken) and listen

  • I'm stuck as root on first shell.
    Network enumerated, playing with vt**h, dumping the packets with t*****p and analysing but cannot figure out an attack...

    I believe I am almost there but need a nudge to guide, anyone please?

  • It took me more time to get user than root. I think working as a net admin gave me an advantage.
    What I don't know now is what to do with 'secretdata' I'm sure it has something to do with the prince. Any suggestions?

    epsequiel

  • edited December 2018

    any hint on RCE? except for parameter name and encoding...

    lokendra
    Message me with 1) Your problem description. 2) What you tried so far? 3) Conclusions.
    RESPECT++ IF I HELPED YOU.

  • Can someone PM me a hint for the RCE part? I've identified where to exploit it, I think I've traced out what's going on when the button is clicked, but every time I try to encode (and I've tried several different encodings) a command to be executed, I get no output.

    b1gbroth3r

  • @nergalwaja said:
    Can someone PM me a hint for the RCE part? I've identified where to exploit it, I think I've traced out what's going on when the button is clicked, but every time I try to encode (and I've tried several different encodings) a command to be executed, I get no output.

    Same here, couldn't get it to exec..

    lokendra

  • @nergalwaja said:
    Can someone PM me a hint for the RCE part? I've identified where to exploit it, I think I've traced out what's going on when the button is clicked, but every time I try to encode (and I've tried several different encodings) a command to be executed, I get no output.

    Same here, couldn't get it to exec..

    @nergalwaja said:
    Can someone PM me a hint for the RCE part? I've identified where to exploit it, I think I've traced out what's going on when the button is clicked, but every time I try to encode (and I've tried several different encodings) a command to be executed, I get no output.

    Try to append to what you have, instead of giving it as a new command. That may work.

    sesha569

  • Hey I need some help with getting reverse shell. I am stuck at the command execution part

  • edited December 2018

    I am stuck after getting root shell. Not very well versed in networking.
    I've tried some tc****p and some t*****.
    Can someone give me a hint or PM me please?

  • @guihle said:
    I am stuck after getting root shell. Not very well versed in networking.
    I've tried some tc****p and some t*****.
    Can someone give me a hint or PM me please?

    me too.

    Fun times are bound to end. - Korosensei

  • If anyone would mind showing me how to get the shell. I know what I am meant to be doing ie fiddling with the parameter using q**gga. but I don't know HOW to do it using Burp. Can anyone help a noob?

  • @EvilMonkee said:
    If anyone would mind showing me how to get the shell. I know what I am meant to be doing ie fiddling with the parameter using q**gga. but I don't know HOW to do it using Burp. Can anyone help a noob?

    Append your command there and get the shell.
    If it's still not happening. PM me.

    sesha569

  • Thanks to @sesha569 for the help - knew what to do but just needed a shove over the edge. User obtained now onto getting a more permanent shell. Thanks dude

  • Can someone help me on the priv escalation. I am pretty much newbie in routing stuff. So stuck bd.cf edits or changes. I saw B** H***** blogs or videos. But not able to change and listen back or get the root. Can someone help with that? thanks.

    sesha569

  • edited December 2018

    Can someone point me in the right direction? I can get s*** but not s** commands to redirect the V*P P*****S. I have reverse-shell access and I found the initial service needed to start t*****c changes.

    using l**t was frustrating to see what it revealed.

  • edited December 2018

    (1) It took 2 days to get user part.

    ASHacker

  • @sesha569 said:
    Can someone help me on the priv escalation. I am pretty much newbie in routing stuff. So stuck bd.cf edits or changes. I saw B** H***** blogs or videos. But not able to change and listen back or get the root. Can someone help with that? thanks.

    I'm in the same boat...

  • How the hell on earth to do priv escalation on this box ....... any hints guys ..... read everything about B** Hac**** . Got vt*** shell ...... changed every possible flow but i have nothing in hand to look at :/ i have spent 5 days only on priv escalation .....

  • edited December 2018

    i am not able to understand how to append the command in the webapp to get reverse shell
    i got that i have to do something with c*****dh but as the value is fixed at server end i am not able to find anything
    i am still new
    little help will be appreciated

  • any help on RCE?

  • You need to use Burp to modify the command

  • I am stuck at the privesc for 2 days. I checked the route table and some info on the tickets page. But still have no idea. Any help? Plz PM me..

  • Hey guys I am stuck in this privesc for nearly a week not sure how to exploit it any hints would be great.
