Carrier

UPDATE: got root.

Man, this was the coolest box. What a great learning experience. Thanks to everyone who provided vital help.

The difficulty of this box is surely deceptive and should be rated high as key concepts of some technologies need to be researched in some depth to achieve root.
I feel so much smarter after solving this box. Cheers.

Hey guys, user was pretty easy but I’m banging my head over the keyboard for over a week trying to get root. I understand the big picture of b** and how announcing a sub prefix of that network that was mentioned in the tickets would return some readable data via t*****p about a known protocol.
I would be more than happy if someone could help me figure out what’s my next step after announcing that sub-prefix.
Thanks!

Edit: rooted, big shoutout to @Izzet for helping me out!
Learned a lot during this run :)

Hey guys, I got admin credentials I logged in with. Now I am suspecting I have to do some work with quagga. Think I am on the right track? Not too familiar with this, can anyone PM me with some help? Or at least some good resources?

I am so damned stumped on this privesc. I’ve found how to change the b** configuration, I’ve got a topology, but I’m not sure where to go from here. Can someone PM me a nudge or three?

Edit: Rooted. I was so close for so long, turned out my B** game was fine, and it was something simpler than that the whole time…

Excellent box, thank you very much Snowscan!

Got the user, thanks for the tips 7ckngM4D, TigerStyle and White137Shadow. Now going for root.

I have injected commands via RCE, so I have the user.txt flag, but still haven’t managed to get a reverse shell. Can someone point me in the right direction? I have spent 7 days on this.

Got user!!! It’s very straight… and simple

I managed to get into the admin panel, does getting the user account have anything to do with the guy who was recently terminated? Or does it have to do with the wolf guy who reported the security issue?

Edit: Oh wait, I think it’s the extinct animal from South Africa?

Nvm, got it

I cannot get Burp to send anything worthwhile to the server. Is there someone who can PM me if they can assist? Been at this almost all day. Thanks

Guys… after getting user.txt… what do I need to do… I’m stuck… can someone help me please :)

Can someone give me a hint for priv esc… how to go with B** H*******g, how does the diagram found during enumeration help??

@MrB00tz said:
I cannot get Burp to send anything worthwhile to the server. Is there someone who can PM me if they can assist? Been at this almost all day. Thanks

Do you have user flag?

@MrB00tz said:
I managed to get into the admin panel, does getting the user account have anything to do with the guy who was recently terminated? Or does it have to do with the wolf guy who reported the security issue?

Edit: Oh wait, I think it’s the extinct animal from South Africa?

I’ve seen people discussing that guy in this forum. But for getting user flag, I don’t think we need him lol. Getting user is pretty straightforward.

Just managed to get the user.txt. I am having fun just messing with this part of the box. It forces you to use Burp’s other features than just the proxy. I have not moved on to the root.txt yet, but if you want some pointers on the user, PM me and I will be glad to guide you.

After getting helped by like 5 people… finally rooted this crazy box. PM if you need hints, happy to return the favor :)

@0xINT3 said:

@MrB00tz said:
I cannot get Burp to send anything worthwhile to the server. Is there someone who can PM me if they can assist? Been at this almost all day. Thanks

Do you have user flag?

I don’t have it yet :(

@0xINT3 said:
Getting user is pretty straightforward.

In that case I am going the wrong way with this

Getting to user was pretty straightforward, I think.
However, I am stuck with the PrivEsc part. I found the respective service, used vth to change stuff. T***p does not yield any results on any interface whatsoever.

Anyone able to give me a hint?