Carrier

i am not able to understand how to append the command in the webapp to get reverse shell
i got that i have to do something with c*****dh but as the value is fixed at server end i am not abel to find anything
i am still new
little help will be appreciated

any help on RCE?

You need to use Burp to modify the command

I stuck at the privesc for 2 days.I check the route table and some info on tickets page.But still have no idea.Any help?Plz PM me…

For the privesc there are 2 major points: messages on the dashboard (extremely important) and understanding of B** hij***.
If you’re stuck, try to answer these questions one by one.

  1. How many B** participants?
  2. What are they advertised (each of them)?
  3. Is there something interesting (see the messages mentioned above)?
  4. What is it?
  5. How could you get it in “normal” network, in the same LAN for example?
  6. Obviously, we have much more sophisticated case, so what we will do to reach our goal and how B** can help us?
    Are you thoroughly investigated all links on B** in this thread? They have detailed instructions for similar cases.

I think one of the biggest challenges with this box is actually understanding what you need to do and having a game plan. This is one you can’t just bash out with google without understanding what you are doing.

I’ve had people reach out to me with some very strange ideas based on tips they’ve received but actually have no understanding of what it is they are doing. This machine really needs you to understand the basic concepts that you can build up on to things you may not know.

A game plan will help you build a high level plan on what you are trying to accomplish , the steps you will go through and then work out what you need to learn to bridge the gap of your current skill set to make that game plan achievable.

Man this machine was crazy … the attack itself was easy to understand but required a lot of detailing in order to execute … aaaah !!! finally rooted it … Thanks to all those who helped me @quas @noahcain and @s4rgey … and also for not spoiling the fun all the way through

I’ve just discovered the meaning of secretdata.txt.

Tnks to @ferreirasc for helping me on my first lab, and kudos++ to @snowscan for creating a such great challenge.

Hack N’ Roll \m/

was able to get into web app and see where i need to do RCE with compressed value but cant figure out why code isnt running when i replace value any tips?

I just rooted the box! Kudos to @Draco123 for his amazing help!
Any hints on what secretdata.txt is ? :open_mouth:

Finally got the root.
Got the user 2 months back. But it took 2 months for root.
Thanks @3therk1ll buddy. Without your help I may not understand the underneath concept or made it to root.
Thanks @Puru and @dropdown We had a great private discussions about this machine. That’s a nice technical stuff.

Last but not the least thanks @snowscan for this wonderful machine. Learnt a lot in the network :slight_smile:

@maycon said:
I’ve just discovered the meaning of secretdata.txt.

I never worked out what that was for. Any chance of a PM to give me a hint (or a spoiler :smile: )

Stuck at Dia****** page. Don’t really know how to inject a reverse shell there. Can somebody help me ?

@kreskin I’m in the same boat I can change the ch*** variable to navigate through files but can’t execute code, any pm would be greatly appreciated

This machine is driving me crazy. Now tcpdump seems to only give me 74 bytes of packet data even though it says “capture size 262144 bytes” :anguished:

Finally rooted it :slight_smile:

Awesome box, and a complete change from most other challenges! All the hints for what needs to be done are called out within the application. Looks like their fixes aren’t correct! You need to expand on it a little bit and pretend to be a certain service :slight_smile:

As everyone has said, understand the type of machine you’re on, the primary services, and how they’re implemented in this environment. This is a practical attack and can happen both accidentally and intentionally.

Found the 2 docs but cannot login. Cant find any chesis number,

any hint?

I’ve yet to even get a shell on the machine.

I’ve found the non-tcp port everyone has posted about on this thread, and I’ve enumerated it with every script I can find. None of them return any results whatsoever. If somebody could PM me for help with the scripts I’d appreciate it.

Having problem with privsec, can someone sheds me some light for the b*** h*****? Need some help with v****. PM please.