Carrier

I have no idea of how to approach this. I have tried the spwk and spc**k and I am not getting any info. Someone please PM me and give me a nudge or refrences. Thanks in advance.

Privesc is killing me… tried so many different approaches and nothing so far.
What I’m trying to do is adv the network that has issue and listening with t***p.
I can see the b
routes been advertised but nothing else interesting.
Might need to change my game plan.

Can anyone help me?

Found the SN#*********, then manage to connect to the webserver but i dont really know what to do next ? any hint ? am i supposed to find an uploader ?

thx

EDIT : Got user, no uploader need for this, its called Remote Code Execution so try to find user entry and exploit it…

@agentsky said:
already login in the website. Problem now is where to go… some hint would be good…
BTW: reading the Tickets, do i need to check on those IP?

hey agentsky, how did you login to the web application? I have the chassi key and I have tried the with different usernames. Do i need to enumerate more?

rooted! that was hard for me!
very cool box

Managed to read the user flag before I even spawned a shell. However, it confirmed my methodology was right for getting a shell. Now working towards root. Great box; learning a lot.

Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?

@salamander said:
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?

The first three characters aren’t part of the pw.

Hi guys!

First things first, merry Christmas and hacky new year!

I’m working to get root flag. I’ve studied the environment and the technologies that are beeing used. I´m learning a lot with this box. Thanks @snowscan <3

I think that I’m almost there but something isn’t working properly and needs some fine tune.

Could somebody help me to finish the box? (PM)
=)

Finally got root. Was able to learn a lot with this machine with a particular protocol that was unknown to me, at least until now. Thanks @limbernie

i have not any idea how to start with this machine PM me any hint -sU result not helpful yet :wink:

@limbernie said:

@HopeHasAPlace said:
hey guys so i did snmp_login from metasploit and i see it says successful.
but when I do snmp_enum everything shows up blank like this:

[+] 10.10.10.105, Connected.

[*] System information:

Host IP : 10.10.10.105
Hostname : -
Description : -
Contact : -
Location : -
Uptime snmp : -
Uptime system : -
System date : -

[] Scanned 1 of 1 hosts (100% complete)
[
] Auxiliary module execution completed

ANy reason why I am getting this error?

how to install spwk to parrot os.it has only s********k . i search on google.but i did not find anythig abt it.

Use s**pw**k my friend, to walk the entire MIB hierarchy starting from the root. I leave it to you to figure out how to do that.

I wish all of you guys Hacky New Year!
I rarely deal with active machines, rather with retired ones and challenges.
This may change in 2019.

I have been using the Qu**** vt*** tool to make configuration changes and using tc***** to monitor traffic but I am not seeing any changes in traffic and my configuration changes seem to revert after a short period of time. Does the system automatically reset configurations after a period of time? Should I be able to see traffic differences after altering configuration?

@frankg said:
I have been using the Qu**** vt*** tool to make configuration changes and using tc***** to monitor traffic but I am not seeing any changes in traffic and my configuration changes seem to revert after a short period of time. Does the system automatically reset configurations after a period of time? Should I be able to see traffic differences after altering configuration?

There’s a cronjob which reverts the config. If you make the right change, you should see something.

i have the password of the services in the privescalation but when i am used this, the password was incorrect, what happening here?

@deviate said:

@salamander said:
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?

The first three characters aren’t part of the pw.

Super thanks, to think I had the cred all this while.

I have the user.txt and I think I am a quite a good way into root. Is anyone available to PM and discuss if I am on the right track as I have been at this a few days and I really want to see this one through. Great machine by the way.

any help with root please?

So, I’m gonna leave my own two cents here:
First of all this is really a nice box, user is rather easy and only requires some enumeration in the right places. Don’t focus only on HTTP for information.
Root is a bit harder if you aren’t familiar with the concepts & services/protocols behind it, but in the end it’s quite logical and pretty simple once you’ve read up on the topic and tried around a bit. (Also thanks @jkr for his help with root here)

If you need some help with this box (user or root), feel free to PM me for hints and also explanations, so you don’t end up with the flag but don’t really understand how everything worked in the end.

Also thanks to @snowscan for providing us a possibility to get to know this kind of attack and actually execute it ourselves once, too.