Carrier

12224262728

Comments

  • edited February 20

    thought I was finished but it's time to try harder

  • Finally rooted. Thanks to @siryarbles :)

  • edited February 20

    Just had a conversation with someone on port 21. That was fun ¯_(ツ)_/¯

  • edited February 20

    So crowded, it's just a pain to root it :scream:
    Resets / network mess... man, the hardest part is not to root it but find the right hour to work on it XD

  • edited February 20

    Really stuck on this i understand the attack needed to be done. When I make changes, host a service for a connection nothing happens. Not sure what I'm doing incorrect. Finding this box really hard...

    Edit: not to worry i got it! Hint if you know the attack and you know what service is needed you need to ask yourself what is the VIP calling to and how can i get him to come to me if that makes much sense haha

  • I have the root password but cant do much after logging into the service. Can someone lend a hand?

  • edited February 20

    Deleted comment.

  • I've found and can modify check= but I can't seem to execute anything. Not even the simplest of commands. I've tried different techniques but getting nothing back. Any hints?

  • @i4n said:
    I've found and can modify check= but I can't seem to execute anything. Not even the simplest of commands. I've tried different techniques but getting nothing back. Any hints?

    It seems to break often on the public server, hence all the resets. Sometimes, the "Verify Status" button on the Diagnostics page doesn't even return anything.

  • I've captured it several times in Burp and I only see check=, should there be more?

  • @i4n said:
    I've captured it several times in Burp and I only see check=, should there be more?

    Yes, there's supposed to be an initial value for check.

  • Type your comment> @SolSanctum said:

    @i4n said:
    I've captured it several times in Burp and I only see check=, should there be more?

    Yes, there's supposed to be an initial value for check.

    Oh yeah, I know what you are talking about and it's there. I thought you meant there was another parameter.

  • edited February 21

    Just finished this box completely. I believe that @snowscan could have added an extra layer to this challenge since he had other containers to play around with.

    Great job, @snowscan! Loved the challenge!

    EDIT: Looking back, it makes total sense why secretdata.txt is there. Brilliant!

  • @i4n are you still working on the user? That check value you are working is the key. You just need to tweak it. DM me if you need a push.

  • @i4n Currently in the same position as you right now. I've found the parameter and have tried tweaking it but to no avail. Have you had any luck? I have a sinking feeling that my syntax is just wrong or something but I've tried everything I can think of. Guess I just need to try harder! Feel free to DM me if you want to brain storm.

  • edited February 21

    I managed to login and get c*****d e*******n but i can't get a shell, i can only use commands trought the bug i found, any hint? (i also tryed a lot of reverse shell cheet sheet)
    p.s. i got the user flag i just want a shell to better operate..

  • Could someone PM me for a few questions about the RCE? Im stuck at that.. Still newbie. I understood everything till that point

  • I got off to a blazing start and got user pretty quickly before hitting a brick wall. I had most of the parts together in my mind, but massive difficulty in putting them together. All in all, this was a fantastic challenge. I feel like I've learned more over the past few days than in the last year combined, and I'm very happy to have some experience with a new (to me) protocol under my belt. Massive thank you to @snox for helping me out! I love a challenge like this, where you come away with an understanding of something new, but more importantly, what areas I need to focus on. Hats off to @snowscan for creating this!

  • edited February 21

    Mark me down as another one of those that has RCE, but is having trouble getting a shell to be more efficient/figure out what to do next. I'm pretty new to all of this, so wouldn't mind some tips!

    Edit: of course I figured it out ten minutes after posting this.

  • After another big chunk of work I finally popped user. Turns out I was on the right track but overlooked a very simple concept. Turns out the answer for the RCE was staring me in the face. Thanks for all the help everyone!

  • Type your comment> @potatoman97 said:

    I have no idea where to go after getting access to the admin console

    pm me

    Hack The Box

  • If anyone needs hint for user pm me ...

    I am stuck at root ... I dont have much knowledge with networking n all ..should i try rooting ? spend some time but reaching no where ...any hint is appreciated ..thanks

    Hack The Box

  • I'm not going to give up on this box. Despite spending way too long staring at the screen.
    I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
    I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

    Many Thanks

  • Type your comment> @Gh05tR1d3r said:

    I'm not going to give up on this box. Despite spending way too long staring at the screen.
    I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
    I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

    Many Thanks

    You're on the right track, look at the parameters of your burp intercept, and check this out: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

    Feel free to PM me :)

    Xess

  • Rooted, Best box so far! :)

    Xess

  • Type your comment> @Gh05tR1d3r said:

    I'm not going to give up on this box. Despite spending way too long staring at the screen.
    I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to 'user.txt'
    I'd rather not be told the answer as I'm here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

    Many Thanks

    Hi
    Do not give up ... If you still need some direction pm me

    thanks

    Hack The Box

  • Is tcpdump working correctly on the carrier box ?
    I am not seeing any packets when i ping the ip from another shell of the same machine

    Hack The Box

  • Could you please show me a direction in privesc for carrier ?

    I read about B** and A* .I understand that we have 3 As and our machine is in A1** ..

    Its using q***** service with B** ...
    I read from the t****** and found about the V** issue of connecting to an F** to 10.****** network .
    I added the entry " network ******* " b**.c*** as
    And use nc to listen ...

    I know i am missing something here ..Am i in the right direction .It would be great if you give me a hint

    thanks

    Hack The Box

  • Hi
    I think I am very near ...
    I have the f** req captured using nc ..I tried setting up p***** F** ser*** . but couldnt succeed...tc**** is not showing any data

    Any help is appreciated ! My head is burning LOL

    Hack The Box

  • Wow ..What a machine ...
    Finally rooted with help from many ....
    Learned a lot ..Happy that i could root this !!!

    Happy to help

    Hack The Box

Sign In to comment.