Carrier

It took me more time to get user than root. I think working as a net admin gave me an advantage.
What I don’t know now is what to do with ‘secretdata’. I’m sure it has something to do with the prince. Any suggestions?

Any hint on RCE? Except for parameter name and encoding…

Can someone PM me a hint for the RCE part? I’ve identified where to exploit it, I think I’ve traced out what’s going on when the button is clicked, but every time I try to encode (and I’ve tried several different encodings) a command to be executed, I get no output.

@nergalwaja said:
Can someone PM me a hint for the RCE part? I’ve identified where to exploit it, I think I’ve traced out what’s going on when the button is clicked, but every time I try to encode (and I’ve tried several different encodings) a command to be executed, I get no output.

Same here, couldn’t get it to exec…

@nergalwaja said:
Can someone PM me a hint for the RCE part? I’ve identified where to exploit it, I think I’ve traced out what’s going on when the button is clicked, but every time I try to encode (and I’ve tried several different encodings) a command to be executed, I get no output.

Try to append to what you have instead of giving it as a new command. That may work.

I am stuck after getting root shell. Not very well versed in networking.
I’ve tried some tc****p and some t*****.
Can someone give me a hint or PM me please?

@guihle said:
I am stuck after getting root shell. Not very well versed in networking.
I’ve tried some tc****p and some t*****.
Can someone give me a hint or PM me please?

Me too.

If anyone would mind showing me how to get the shell. I know what I am meant to be doing, i.e. fiddling with the parameter using q**gga, but I don’t know HOW to do it using Burp. Can anyone help a noob?

@EvilMonkee said:
If anyone would mind showing me how to get the shell. I know what I am meant to be doing, i.e. fiddling with the parameter using q**gga, but I don’t know HOW to do it using Burp. Can anyone help a noob?

Append your command there and get the shell.
If it’s still not happening, PM me.

Thanks to @sesha569 for the help - knew what to do but just needed a shove over the edge. User obtained, now onto getting a more permanent shell. Thanks dude.

Can someone help me on the priv escalation? I am pretty much a newbie in routing stuff. So stuck bd.cf edits or changes. I saw B** H***** blogs or videos. But not able to change and listen back or get the root. Can someone help with that? Thanks.

Can someone point me in the right direction? I can get s*** but not s** commands to redirect the V*P PS. I have reverse-shell access and I found the initial service needed to start tc changes.

Using l**t was frustrating to see what it revealed.

(1) It took 2 days to get user part.

@sesha569 said:
Can someone help me on the priv escalation? I am pretty much a newbie in routing stuff. So stuck bd.cf edits or changes. I saw B** H***** blogs or videos. But not able to change and listen back or get the root. Can someone help with that? Thanks.

I’m in the same boat…

How the ■■■■ on earth to do priv escalation on this box … any hints guys … read everything about B** Hac**** . Got vt*** shell … changed every possible flow but I have nothing in hand to look at. I have spent 5 days only on priv escalation …

I am not able to understand how to append the command in the webapp to get a reverse shell.
I got that I have to do something with c*****dh, but as the value is fixed at the server end I am not able to find anything.
I am still new.
A little help will be appreciated.

Any help on RCE?

You need to use Burp to modify the command

I’ve been stuck at the privesc for 2 days. I checked the route table and some info on the tickets page. But still have no idea. Any help? Plz PM me…