Carrier

Hack The Box

Getting to user was pretty straightforward, I think.
However, I am stuck with the PrivEsc part. I found the respective service, used vth to change stuff. T***p does not yield any results on any interface whatsoever.

Anyone able to give me a hint?

I'm losing my mind over here! All this B** Hg stuff is not making it easier.
Got the user, got the shell on the box! And I'm pretty sure that I have to change something in the b.c*f file and perhaps something with the iptables!
Can anyone PM me if I'm on the right path?

Great box! Had done an exercise previously on this technique, but only after suffering here for several hours I finally learned and properly understood how the attack can be used.

Cool… I am relieved, closing my bP now, got root. I’ve learned many new things on this box and how this b works. I could not have made it without the guidance of those guys. They helped me a lot. By the way, can S******.txt be used for the flag on root? Thank you guys and the creator of this box.

This is the best box I have EVER done. Thanks so much. Great for us network engineers.

@MrB00tz said:

@0xINT3 said:

@MrB00tz said:
I cannot get Burp to send anything worthwhile to the server. Is there someone who can PM me if they can assist? Been at this almost all day. Thanks

Do you have user flag?

I don't have it yet :frowning:

PM :slight_smile:

Can anyone help me? I found doc and 2 other ports too, but I can't enumerate port 161, so if anyone has Discord please add me: eth0#4415

Hey, I need help with the b** h*j*****g. I understand how the BGP protocol works and the purpose of the attack. I try to modify the b** config and I see some interesting traffic with t*p***p. Can anyone help me?

Best regards,
bar0z.h

I am returning the favor, so if anyone needs some tips, DM me, happy to help.

Finally… rooted… BIG thanks to @32x0LF… Happy to help others…

Hi all,

I am stuck on privesc. Been trying for over a week now and I’m knocking my head against the keyboard. I get that I need to announce a prefix for b** of the network the f** server is sitting on and then running tp to act as a fake f. But I can’t seem to get my commands to run. It even seems my routes get overridden after some time after putting them in the vh. Any help would be greatly appreciated.

Edit: finally got root. A few simple mistakes were all it took to keep me from the flag. I learned a lot on this box from tons of networking reading and even a ton from my mistakes! Thanks to all who helped me!

So this is my first box and yes, I’m new here. It didn’t take too long in getting root on this box. You have to enumerate a port and get creds, use Burp and remember to encode.

But I can’t seem to figure on getting the root.txt. I went back to the page with all the “open/close” papers. Wrote a bash script to figure out which IP to listen on and tried to listen on that box by setting up eth0 ifconfig on the network.

Please PM me. Oh and tmrw is my birthday!!!

EDIT:

Finally rooted the machine. There was a script in one of the dirs that needed to be modified.

@pikey301 said:
Anyone willing to help me on the root part of Carrier . I know what to do, but lacking the knowledge to get the right syntax.

Same boat, :frowning:

Finally rooted the whole thing, thanks to precious advice given by @32x0LF.
If anyone needs help, I can return the favor.

I am stuck on the b** stuff using vsh, not sure what to try. Have read the docs for qu*a install and setup…no happiness. Please can someone pop me a hint. Thanks.

It's very embarrassing, but I can't even log in to the admin panel. I got the serial number but I can't figure out the username to log in to the panel. What am I missing? Can anybody give me a hint?

@playboi1337 said:
It's very embarrassing, but I can't even log in to the admin panel. I got the serial number but I can't figure out the username to log in to the panel. What am I missing? Can anybody give me a hint?

Try default usernames of administration panel

Can anyone PM some help getting RCE/User.txt?

I’ve been reading up on BGP hijacking, and I know I need to exploit the quagga bgp vulnerability. I had a look on exploit-db and found an exploit for quagga, but couldn’t really make out what exactly it is I need to do.

I’ve been looking at the diagnostics page for hours, and have hit a wall. Any help would be much appreciated.

@Steve333 said:
Can anyone PM some help getting RCE/User.txt?

I’ve been reading up on BGP hijacking, and I know I need to exploit the quagga bgp vulnerability. I had a look on exploit-db and found an exploit for quagga, but couldn’t really make out what exactly it is I need to do.

I’ve been looking at the diagnostics page for hours, and have hit a wall. Any help would be much appreciated.

To get RCE/user, you’ll want to look at what the Diagnostics page is doing when you click on the verify status button. Have a look at what is being requested and what you’re getting back as output. :smiley: