@salamander said:
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?
First things first, merry Christmas and hacky new year!
I’m working to get root flag. I’ve studied the environment and the technologies that are beeing used. I´m learning a lot with this box. Thanks @snowscan <3
I think that I’m almost there but something isn’t working properly and needs some fine tune.
@HopeHasAPlace said:
hey guys so i did snmp_login from metasploit and i see it says successful.
but when I do snmp_enum everything shows up blank like this:
[+] 10.10.10.105, Connected.
[*] System information:
Host IP : 10.10.10.105
Hostname : -
Description : -
Contact : -
Location : -
Uptime snmp : -
Uptime system : -
System date : -
I have been using the Qu**** vt*** tool to make configuration changes and using tc***** to monitor traffic but I am not seeing any changes in traffic and my configuration changes seem to revert after a short period of time. Does the system automatically reset configurations after a period of time? Should I be able to see traffic differences after altering configuration?
@frankg said:
I have been using the Qu**** vt*** tool to make configuration changes and using tc***** to monitor traffic but I am not seeing any changes in traffic and my configuration changes seem to revert after a short period of time. Does the system automatically reset configurations after a period of time? Should I be able to see traffic differences after altering configuration?
There’s a cronjob which reverts the config. If you make the right change, you should see something.
@salamander said:
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?
The first three characters aren’t part of the pw.
Super thanks, to think I had the cred all this while.
I have the user.txt and I think I am a quite a good way into root. Is anyone available to PM and discuss if I am on the right track as I have been at this a few days and I really want to see this one through. Great machine by the way.
So, I’m gonna leave my own two cents here:
First of all this is really a nice box, user is rather easy and only requires some enumeration in the right places. Don’t focus only on HTTP for information.
Root is a bit harder if you aren’t familiar with the concepts & services/protocols behind it, but in the end it’s quite logical and pretty simple once you’ve read up on the topic and tried around a bit. (Also thanks @jkr for his help with root here)
If you need some help with this box (user or root), feel free to PM me for hints and also explanations, so you don’t end up with the flag but don’t really understand how everything worked in the end.
Also thanks to @snowscan for providing us a possibility to get to know this kind of attack and actually execute it ourselves once, too.
Finally got root. If you are not one of the networking guys it could be a suffer… In this forum there are a lot of good hints, if you put it together, you can get root. Try not to over-complicate things, you only need to change one simple thing in one of the configuration files. On a free server it could be really tough and time consuming to achieve your goals because of the constant resets and edits.
Thanks @snowscan this machine reminds me to one of the hardest machines at OSCP course… It taught me new things and I need to learn basic network stuffs…
I really enjoyed this box after tearing my hair out for an hour trying to figure out why traffic wasn’t flowing the way it should.
In order to get root remember traffic needs to flow both ways…
I consider myself pretty good on networking but I’m still learning and this box helped. It was also refreshing to see that a pivot was needed too. All in all great job @snowscan
If anyone is stuck on the networky stuff, feel free to PM me and I’ll share some tutorials that helped.
Hello Guys… I’m new here … can you help me please…
First i enumerate the box i found the udp port…enumerated … i found the psswd using sn***lk but i don’t know the username can you help me please thanks in advance …