Carrier

1161719212228

Comments

  • edited January 3

    The user was really easy. That said I am enjoying the root part a lot.

    I am fairly sure I am nearing the end but my t****mp is not doing anything on any interface. Any hints towards that?

    And yes the free box resets a lot, it is quite annoying, but can live with it. :)

    Possibly I need to change some rules in ip*****?

    Maglok

  • Rooted!

    This is by far my favorite box. Very complete in all aspects. Thanks to @snowscan for creating such an amazing and enjoyable box. <3

    Also thanks @GDX and @aquira for your support!

    If anybody get stuck, feel free to PM me, you are welcome.
    =)

  • Rooted! What a rush. This was awesome. I learned sooo much. Took me a few days and some help (thanks @d4rkk and @GDX ).

    Such an awesome box @snowcan ! Wooo!

    Maglok

  • I really enjoyed this box after tearing my hair out for an hour trying to figure out why traffic wasn't flowing the way it should.

    In order to get root remember traffic needs to flow both ways...

    I consider myself pretty good on networking but I'm still learning and this box helped. It was also refreshing to see that a pivot was needed too. All in all great job @snowscan

    If anyone is stuck on the networky stuff, feel free to PM me and I'll share some tutorials that helped.

  • Can anyone help PM me with the RCE part.
    Understand the encoding and what field to attempt it on, however, cannot get the reverse shell to connect.

  • Hello Guys... I'm new here ... can you help me please...

    First i enumerate the box i found the udp port...enumerated ... i found the psswd using sn***lk but i don't know the username can you help me please :) thanks in advance ...

  • @tacosaurus said:
    I am stuck with user. I am playing with the check value but I find nothing interesting. I need a hint please

    I've been stuck at the same point for more than a day. Can't seam to get syntax correct or something because I can't get *nix commands to return anything. Please help.

  • @redcypress @DeHackzU PM me! I can help you with rce. :)

  • I figured out the proper syntax and another underlying problem.

  • lcwlcw
    edited January 8

    stuck trying to find root. have already gained shell access to the 1st box and got user.txt. from all the posts here, i understand that I need to change the route or smth.. but am stuck at which route to change..
    Any kind soul here willing to point me in the right direction? :)

  • Can anyone PM me with some help with the inital foothold?
    I know I need to manipulate the c**k parameter after logging in to the admin portal. I have tried many manual techniques and commix but to no good. I have also made sure it's the injection is properly encoded. Thanks in advance :)

  • @R1pid said:
    Can anyone PM me with some help with the inital foothold?
    I know I need to manipulate the c**k parameter after logging in to the admin portal. I have tried many manual techniques and commix but to no good. I have also made sure it's the injection is properly encoded. Thanks in advance :)

    This is a very obvious reply, but if you know where to go and what you need to do my advice is to stick with that and carefully craft your requests. Start with simple things and build your way up. Check your output, where things break and how you can string things together.

  • Hey everyone,

    I finally got root, but just curious about why there is an additional "secretdata.txt" file. Has anyone checked what is that about?

    PP

  • edited January 8

    @pp123 said:
    Hey everyone,

    I finally got root, but just curious about why there is an additional "secretdata.txt" file. Has anyone checked what is that about?

    PP

    It does contain an easter egg. I don't want to spoil it. Think about what kind of data you are looking at.

    PS: If someone has a question, feel free to PM me if you are stuck.

    alt text

  • Just got root and wow, this was my favorite box. It was more realistic than some other ones. :+1:

  • Can someone PM with some help. I feel like I was on the right track but I cannot find the serieal number I have enumerated a couple ports that I have found with built in nmap scans and haven't been able to find anything worth while either.

  • Anyone up to help me out with priv esc.
    Done till ftp part didn't pop any info from that :(

    B0rN2R00T

  • Thanks for the box @snowscan, it really got me out of my comfort zone!

  • Need help with the t*pd8mp part... im advertising myself quite well

    LordeDestro

  • Got Shell!! I always use the locate command ! will save you time! Hint locate bgp..

  • Finally got root! Was a fun and interesting box indeed. Requires a solid dose of routing knowledge to redirect and capture some interesting traffic. Thanks @MTOTH and @d4rkk for hints during the hunt!

  • Need help on root feel like I'm close?

  • edited January 11

    Allright.. I could really use a nudge for the flag. Got the shell and think I have managed to edit the traffic flow, but I can't seem to get the t****** to output anything useful format. Any ideas? PM would be appreciated.

  • Finally managed to get root.txt (along with something else).
    this has got to be one of the boxes that made me learn so much in a matter of days. I'm not a network guy, and this has got me reading up on a lot of networking materials.
    special thanks to @malte @d4rkk and @montyongoXOR. Anyone who needs help with this box, do reach out to me :)

  • edited January 12

    I got the core concept of the getting root down but i am confused about the execution method. Can anyone please PM me. I can explain details there as i dont want to spoil it for anyone here.

    EDIT 1: I get syn synack synack fin on port 22 which i can capture but i still dont see any creds. I have also redirected requests to port 21 to port 8888 where i have a p*** f** s*** running. :/

    Hack The Box

  • Rooted! Very interesting machine and totally different to the typical HTB machine! thanks @snowscan for the educational journey!

    PM for hints & tips!

    Crunch

    If you ask for help, plz include what you tried. Else no reply.

  • @ashishjv1 said:
    Whats with the extra se******ta.**t file in the end ? The one with the root flag ?

    same here ...
    any help @snowscan ??

    mitoOo

  • @mitoOo said:

    @ashishjv1 said:
    Whats with the extra se******ta.**t file in the end ? The one with the root flag ?

    same here ...

    Look closely at the characters you see. Perhaps this is not MD5. It looks a bit like ASCII?

  • Got user but stuck on root !

  • UPDATE: got root.

    man this was the coolest Box. What a great learning experience. Thanks for everyone who provided vital help.

    The difficulty of this box is surely deceptive and should be rated high as key concepts of some technologies need to be researched in some depth to achieve root.
    I feel so much smarter after solving this box. Cheers.

    Hack The Box

Sign In to comment.