Carrier

Finally rooted. Thanks to @siryarbles :slight_smile:

Just had a conversation with someone on port 21. That was fun ¯_(ツ)_/¯

So crowded, it’s just a pain to root it :scream:
Resets / network mess… man, the hardest part is not to root it but find the right hour to work on it XD

Really stuck on this i understand the attack needed to be done. When I make changes, host a service for a connection nothing happens. Not sure what I’m doing incorrect. Finding this box really hard…

Edit: not to worry i got it! Hint if you know the attack and you know what service is needed you need to ask yourself what is the VIP calling to and how can i get him to come to me if that makes much sense haha

I have the root password but cant do much after logging into the service. Can someone lend a hand?

Deleted comment.

I’ve found and can modify check= but I can’t seem to execute anything. Not even the simplest of commands. I’ve tried different techniques but getting nothing back. Any hints?

@i4n said:
I’ve found and can modify check= but I can’t seem to execute anything. Not even the simplest of commands. I’ve tried different techniques but getting nothing back. Any hints?

It seems to break often on the public server, hence all the resets. Sometimes, the “Verify Status” button on the Diagnostics page doesn’t even return anything.

I’ve captured it several times in Burp and I only see check=, should there be more?

@i4n said:
I’ve captured it several times in Burp and I only see check=, should there be more?

Yes, there’s supposed to be an initial value for check.

Type your comment> @SolSanctum said:

@i4n said:
I’ve captured it several times in Burp and I only see check=, should there be more?

Yes, there’s supposed to be an initial value for check.

Oh yeah, I know what you are talking about and it’s there. I thought you meant there was another parameter.

Just finished this box completely. I believe that @snowscan could have added an extra layer to this challenge since he had other containers to play around with.

Great job, @snowscan! Loved the challenge!

EDIT: Looking back, it makes total sense why secretdata.txt is there. Brilliant!

@i4n are you still working on the user? That check value you are working is the key. You just need to tweak it. DM me if you need a push.

@i4n Currently in the same position as you right now. I’ve found the parameter and have tried tweaking it but to no avail. Have you had any luck? I have a sinking feeling that my syntax is just wrong or something but I’ve tried everything I can think of. Guess I just need to try harder! Feel free to DM me if you want to brain storm.

I managed to login and get c*****d e*******n but i can’t get a shell, i can only use commands trought the bug i found, any hint? (i also tryed a lot of reverse shell cheet sheet)
p.s. i got the user flag i just want a shell to better operate…

Could someone PM me for a few questions about the RCE? Im stuck at that… Still newbie. I understood everything till that point

I got off to a blazing start and got user pretty quickly before hitting a brick wall. I had most of the parts together in my mind, but massive difficulty in putting them together. All in all, this was a fantastic challenge. I feel like I’ve learned more over the past few days than in the last year combined, and I’m very happy to have some experience with a new (to me) protocol under my belt. Massive thank you to @snox for helping me out! I love a challenge like this, where you come away with an understanding of something new, but more importantly, what areas I need to focus on. Hats off to @snowscan for creating this!

Mark me down as another one of those that has RCE, but is having trouble getting a shell to be more efficient/figure out what to do next. I’m pretty new to all of this, so wouldn’t mind some tips!

Edit: of course I figured it out ten minutes after posting this.

After another big chunk of work I finally popped user. Turns out I was on the right track but overlooked a very simple concept. Turns out the answer for the RCE was staring me in the face. Thanks for all the help everyone!

Type your comment> @potatoman97 said:

I have no idea where to go after getting access to the admin console

pm me