Carrier

Need help with the t*pd8mp part… im advertising myself quite well

Got Shell!! I always use the locate command ! will save you time! Hint locate bgp…

Finally got root! Was a fun and interesting box indeed. Requires a solid dose of routing knowledge to redirect and capture some interesting traffic. Thanks @MTOTH and @d4rkk for hints during the hunt!

Need help on root feel like I’m close?

Allright… I could really use a nudge for the flag. Got the shell and think I have managed to edit the traffic flow, but I can’t seem to get the t****** to output anything useful format. Any ideas? PM would be appreciated.

Finally managed to get root.txt (along with something else).
this has got to be one of the boxes that made me learn so much in a matter of days. I’m not a network guy, and this has got me reading up on a lot of networking materials.
special thanks to @malte @d4rkk and @montyongoXOR. Anyone who needs help with this box, do reach out to me :slight_smile:

I got the core concept of the getting root down but i am confused about the execution method. Can anyone please PM me. I can explain details there as i dont want to spoil it for anyone here.

EDIT 1: I get syn synack synack fin on port 22 which i can capture but i still dont see any creds. I have also redirected requests to port 21 to port 8888 where i have a p*** f** s*** running. :confused:

Rooted! Very interesting machine and totally different to the typical HTB machine! thanks @snowscan for the educational journey!

PM for hints & tips!

@ashishjv1 said:
Whats with the extra se******ta.**t file in the end ? The one with the root flag ?

same here …
any help @snowscan ??

@mitoOo said:

@ashishjv1 said:
Whats with the extra se******ta.**t file in the end ? The one with the root flag ?

same here …

Look closely at the characters you see. Perhaps this is not MD5. It looks a bit like ASCII?

Got user but stuck on root !

UPDATE: got root.

man this was the coolest Box. What a great learning experience. Thanks for everyone who provided vital help.

The difficulty of this box is surely deceptive and should be rated high as key concepts of some technologies need to be researched in some depth to achieve root.
I feel so much smarter after solving this box. Cheers.

Hey guys , user was pretty easy but im banging my head over the keyboard for over a week trying to get root . i understand the big picture of b** and how announcing a sub prefix of that network that was mentioned in the tickets would return some readable data via t*****p about a known protocol.
I would be more than happy if someone could help me figure out what’s my next step after announcing that sub-prefix .
Thanks !

edit : rooted , big shoutout to @Izzet for helping me out !
learned alot during this run :slight_smile:

Hey guys, I got admin credentials I logged in with. Now I am suspecting I have to do some work with quagga. Think I am on the right track? Not too familiar with this can anyone PM me with some help? Or at least some good resources?

I am so damned stumped on this privesc. I’ve found how to change the b** configuration, i’ve got a topology, but i’m not sure where to go from here. Can someone PM me a nudge or three?

Edit: Rooted. I was so close for so long, turned out my B** game was fine, and it was something simpler than that the whole time…

Excellent box, thank you very much Snowscan!

Got the user thanks for tips 7ckngM4D, TigerStyle and White137Shadow. now going for root.

I have inject commands via RCE, so I have the user.txt flag, but still haven’t managed to get a reverse shell, can some one point me in the right direction, have spent 7 days on this.

got user!!!..its very straight…and simple

I managed to get into the admin panel, does getting the user account have anything to do with the guy who was recently terminated? Or does it have to do with the wolf guy who reported the security issue?

Edit: Oh wait, I think it`s the extinct animal from South Africa?

nvm got it