Carrier

@salamander said:
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?

The first three characters aren’t part of the pw.

Hi guys!

First things first, merry Christmas and hacky new year!

I’m working to get root flag. I’ve studied the environment and the technologies that are beeing used. I´m learning a lot with this box. Thanks @snowscan <3

I think that I’m almost there but something isn’t working properly and needs some fine tune.

Could somebody help me to finish the box? (PM)
=)

Finally got root. Was able to learn a lot with this machine with a particular protocol that was unknown to me, at least until now. Thanks @limbernie

i have not any idea how to start with this machine PM me any hint -sU result not helpful yet :wink:

@limbernie said:

@HopeHasAPlace said:
hey guys so i did snmp_login from metasploit and i see it says successful.
but when I do snmp_enum everything shows up blank like this:

[+] 10.10.10.105, Connected.

[*] System information:

Host IP : 10.10.10.105
Hostname : -
Description : -
Contact : -
Location : -
Uptime snmp : -
Uptime system : -
System date : -

[] Scanned 1 of 1 hosts (100% complete)
[
] Auxiliary module execution completed

ANy reason why I am getting this error?

how to install spwk to parrot os.it has only s********k . i search on google.but i did not find anythig abt it.

Use s**pw**k my friend, to walk the entire MIB hierarchy starting from the root. I leave it to you to figure out how to do that.

I wish all of you guys Hacky New Year!
I rarely deal with active machines, rather with retired ones and challenges.
This may change in 2019.

I have been using the Qu**** vt*** tool to make configuration changes and using tc***** to monitor traffic but I am not seeing any changes in traffic and my configuration changes seem to revert after a short period of time. Does the system automatically reset configurations after a period of time? Should I be able to see traffic differences after altering configuration?

@frankg said:
I have been using the Qu**** vt*** tool to make configuration changes and using tc***** to monitor traffic but I am not seeing any changes in traffic and my configuration changes seem to revert after a short period of time. Does the system automatically reset configurations after a period of time? Should I be able to see traffic differences after altering configuration?

There’s a cronjob which reverts the config. If you make the right change, you should see something.

i have the password of the services in the privescalation but when i am used this, the password was incorrect, what happening here?

@deviate said:

@salamander said:
Hey guys. Is the machine broken or something?
I’m trying to log in to the Lyghtspeed page using the username found in the doc and S************3 as passwd but it keeps failing with Invalid username/password. Tried reseting the box but the problem persisted. Am I going on the wrong track?

The first three characters aren’t part of the pw.

Super thanks, to think I had the cred all this while.

I have the user.txt and I think I am a quite a good way into root. Is anyone available to PM and discuss if I am on the right track as I have been at this a few days and I really want to see this one through. Great machine by the way.

any help with root please?

So, I’m gonna leave my own two cents here:
First of all this is really a nice box, user is rather easy and only requires some enumeration in the right places. Don’t focus only on HTTP for information.
Root is a bit harder if you aren’t familiar with the concepts & services/protocols behind it, but in the end it’s quite logical and pretty simple once you’ve read up on the topic and tried around a bit. (Also thanks @jkr for his help with root here)

If you need some help with this box (user or root), feel free to PM me for hints and also explanations, so you don’t end up with the flag but don’t really understand how everything worked in the end.

Also thanks to @snowscan for providing us a possibility to get to know this kind of attack and actually execute it ourselves once, too.

Finally got root. If you are not one of the networking guys it could be a suffer… In this forum there are a lot of good hints, if you put it together, you can get root. Try not to over-complicate things, you only need to change one simple thing in one of the configuration files. On a free server it could be really tough and time consuming to achieve your goals because of the constant resets and edits.

Thanks @snowscan this machine reminds me to one of the hardest machines at OSCP course… It taught me new things and I need to learn basic network stuffs…

The user was really easy. That said I am enjoying the root part a lot.

I am fairly sure I am nearing the end but my t****mp is not doing anything on any interface. Any hints towards that?

And yes the free box resets a lot, it is quite annoying, but can live with it. :slight_smile:

Possibly I need to change some rules in ip*****?

Rooted!

This is by far my favorite box. Very complete in all aspects. Thanks to @snowscan for creating such an amazing and enjoyable box. <3

Also thanks @GDX and @aquira for your support!

If anybody get stuck, feel free to PM me, you are welcome.
=)

Rooted! What a rush. This was awesome. I learned sooo much. Took me a few days and some help (thanks @d4rkk and @GDX ).

Such an awesome box @snowcan ! Wooo!

I really enjoyed this box after tearing my hair out for an hour trying to figure out why traffic wasn’t flowing the way it should.

In order to get root remember traffic needs to flow both ways…

I consider myself pretty good on networking but I’m still learning and this box helped. It was also refreshing to see that a pivot was needed too. All in all great job @snowscan

If anyone is stuck on the networky stuff, feel free to PM me and I’ll share some tutorials that helped.

Can anyone help PM me with the RCE part.
Understand the encoding and what field to attempt it on, however, cannot get the reverse shell to connect.

Hello Guys… I’m new here … can you help me please…

First i enumerate the box i found the udp port…enumerated … i found the psswd using sn***lk but i don’t know the username can you help me please :slight_smile: thanks in advance …