Carrier

1171820222328

Comments

  • Hey guys, I got admin credentials I logged in with. Now I am suspecting I have to do some work with quagga. Think I am on the right track? Not too familiar with this can anyone PM me with some help? Or at least some good resources?

  • edited January 2019

    I am so damned stumped on this privesc. I've found how to change the b** configuration, i've got a topology, but i'm not sure where to go from here. Can someone PM me a nudge or three?

    Edit: Rooted. I was so close for so long, turned out my B** game was fine, and it was something simpler than that the whole time...

    Excellent box, thank you very much Snowscan!

  • Got the user thanks for tips 7ckngM4D, TigerStyle and White137Shadow. now going for root.

    32x0LF

  • I have inject commands via RCE, so I have the user.txt flag, but still haven't managed to get a reverse shell, can some one point me in the right direction, have spent 7 days on this.

  • edited January 2019

    got user!!!.......its very straight.......and simple

  • edited January 2019

    I managed to get into the admin panel, does getting the user account have anything to do with the guy who was recently terminated? Or does it have to do with the wolf guy who reported the security issue?

    Edit: Oh wait, I think it`s the extinct animal from South Africa?

  • edited January 2019

    nvm got it

  • I can not get burp to send anything worthwhile to the server, is there someone who can PM me if they can assist. Been at this almost all day. Thanks

  • Guys ... after getting user.txt ... what i need to do ... I'm stuck ... can someone help me please :)

  • Can some one give me a hint for priv esc.....how to go with B** H*******g , how to use digram found during enumeration help??

  • @MrB00tz said:
    I can not get burp to send anything worthwhile to the server, is there someone who can PM me if they can assist. Been at this almost all day. Thanks

    Do you have user flag?

  • edited January 2019

    @MrB00tz said:
    I managed to get into the admin panel, does getting the user account have anything to do with the guy who was recently terminated? Or does it have to do with the wolf guy who reported the security issue?

    Edit: Oh wait, I think it`s the extinct animal from South Africa?

    I've seen people discussing that guy in this forum. But for getting user flag, I don't think we need him lol. Getting user is pretty straightforward.

  • Just managed to get the user.txt. I am having fun just messing with this part of the box. It forces you to use Burp's other features then just the proxy. I have not moved on to the root.txt yet, but if you want some pointers on the user, PM me and I will be glad to guide you.

  • after getting helped by like 5 people.. finally rooted this crazy box. PM if you need hints, happy to return the favor :)

    Hack The Box

  • @0xINT3 said:

    @MrB00tz said:
    I can not get burp to send anything worthwhile to the server, is there someone who can PM me if they can assist. Been at this almost all day. Thanks

    Do you have user flag?

    I don`t have it yet :(

  • @0xINT3 said:
    Getting user is pretty straightforward.

    In that case I am going the wrong way with this

  • Getting to user was pretty straight forward, I think.
    However, I am stuck with the PrivEsc part. I found the respective service, used vt**h to change stuff. T*****p does not yield any results on any interface whatsoever.

    Anyone able to give me a hint?

  • Im loosing my mind over here! All this B** H*****g stuff is not making it easier.
    Got the user, got the shell on the box! And im prette sure that i have to change something in the b.cf file and prehaps somethinh with the IPtables!
    Can anyone PM me if im on the right path.

  • Great box! Had done an exercise previously on this technique, but only after suffering here for several hours I finally learned and properly understood how the attack can be used.


    fbbc

  • Cool..I am relieved closing my b*P now got root. I've learned new many thing on this box and how this b works. I cannot make it without the guidance of those guys. They helped me a lot . by the way does S*******.txt can be used for flag on root? Thank you guys and the creator of this box.

    32x0LF

  • This is the best box I have EVER done. Thanks so much. Great for us network engineers.

  • @MrB00tz said:

    @0xINT3 said:

    @MrB00tz said:
    I can not get burp to send anything worthwhile to the server, is there someone who can PM me if they can assist. Been at this almost all day. Thanks

    Do you have user flag?

    I don`t have it yet :(

    PM :)

  • can anyone help me? i found doc and 2 other ports too but i cant enemurate 161 port , so if anyone has discord please add me eth0#4415

  • Hey, I need help about the b** h*j*****g. I understand how the bgp protocol works and the purpose of the attack. I try to modify the b** config and I see some interesting traffics with t*p***p. Anyone can help me ?

    Best regards,
    bar0z.h

  • I am returning the favor so if anyone need some tips. dm me happy to help.😊

    32x0LF

  • finally ...rooted........BIG .thanks to @32x0LF . ...Happy to help others.....

  • edited January 2019
    Hi all,

    I am stuck on privesc. Been trying for over a week now and I'm knocking my head against the keyboard. I get that I need to announce a prefix for b** of the network the f** server is sitting on and then running t*****p to act as a fake f**. But I cant seem to get my commands to run. It even seems my routes get overridden after some time after putting them in the v***h. Any help would be greatly appreciated.



    Edit: finally got root. A few simple mistakes were all it took to keep me from the flag. I learned a lot on this box from tons of networking reading and even a ton from my mistakes! Thanks to all who helped me!
  • edited January 2019
    So this is my first box and yes, I’m new here. It didn’t take to long in getting root on this box. You have to enumerate a port and get creds, use burp and remember to encode.

    But I can’t seem to figure on getting the root.txt. I went back to the page with all the “open/close” papers. Wrote a bash script to figure out which IP to listen on and tried to listen on that box by setting up eth0 ifconfig on the network.

    Please PM me. Oh and tmrw is my birthday!!!

    EDIT:

    Finally rooted the machine. There was a script in one of the dirs that needed to be modified.
  • @pikey301 said:
    Anyone willing to help me on the root part of Carrier . I know what to do, but lacking the knowledge to get the right syntax.

    Same boat, :(

Sign In to comment.