Carrier

@i4n said:
I’ve found and can modify check= but I can’t seem to execute anything. Not even the simplest of commands. I’ve tried different techniques but getting nothing back. Any hints?

It seems to break often on the public server, hence all the resets. Sometimes, the “Verify Status” button on the Diagnostics page doesn’t even return anything.

I’ve captured it several times in Burp and I only see check=, should there be more?

@i4n said:
I’ve captured it several times in Burp and I only see check=, should there be more?

Yes, there’s supposed to be an initial value for check.

Type your comment> @SolSanctum said:

@i4n said:
I’ve captured it several times in Burp and I only see check=, should there be more?

Yes, there’s supposed to be an initial value for check.

Oh yeah, I know what you are talking about and it’s there. I thought you meant there was another parameter.

Just finished this box completely. I believe that @snowscan could have added an extra layer to this challenge since he had other containers to play around with.

Great job, @snowscan! Loved the challenge!

EDIT: Looking back, it makes total sense why secretdata.txt is there. Brilliant!

@i4n are you still working on the user? That check value you are working is the key. You just need to tweak it. DM me if you need a push.

@i4n Currently in the same position as you right now. I’ve found the parameter and have tried tweaking it but to no avail. Have you had any luck? I have a sinking feeling that my syntax is just wrong or something but I’ve tried everything I can think of. Guess I just need to try harder! Feel free to DM me if you want to brain storm.

I managed to login and get c*****d e*******n but i can’t get a shell, i can only use commands trought the bug i found, any hint? (i also tryed a lot of reverse shell cheet sheet)
p.s. i got the user flag i just want a shell to better operate…

Could someone PM me for a few questions about the RCE? Im stuck at that… Still newbie. I understood everything till that point

I got off to a blazing start and got user pretty quickly before hitting a brick wall. I had most of the parts together in my mind, but massive difficulty in putting them together. All in all, this was a fantastic challenge. I feel like I’ve learned more over the past few days than in the last year combined, and I’m very happy to have some experience with a new (to me) protocol under my belt. Massive thank you to @snox for helping me out! I love a challenge like this, where you come away with an understanding of something new, but more importantly, what areas I need to focus on. Hats off to @snowscan for creating this!

Mark me down as another one of those that has RCE, but is having trouble getting a shell to be more efficient/figure out what to do next. I’m pretty new to all of this, so wouldn’t mind some tips!

Edit: of course I figured it out ten minutes after posting this.

After another big chunk of work I finally popped user. Turns out I was on the right track but overlooked a very simple concept. Turns out the answer for the RCE was staring me in the face. Thanks for all the help everyone!

Type your comment> @potatoman97 said:

I have no idea where to go after getting access to the admin console

pm me

If anyone needs hint for user pm me …

I am stuck at root … I dont have much knowledge with networking n all …should i try rooting ? spend some time but reaching no where …any hint is appreciated …thanks

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

Type your comment> @Gh05tR1d3r said:

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

You’re on the right track, look at the parameters of your burp intercept, and check this out: Reverse Shell Cheat Sheet | pentestmonkey

Feel free to PM me :slight_smile:

Rooted, Best box so far! :slight_smile:

Type your comment> @Gh05tR1d3r said:

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

Hi
Do not give up … If you still need some direction pm me

thanks

Is tcpdump working correctly on the carrier box ?
I am not seeing any packets when i ping the ip from another shell of the same machine

Could you please show me a direction in privesc for carrier ?

I read about B** and A* .I understand that we have 3 As and our machine is in A1** …

Its using q***** service with B** …
I read from the t****** and found about the V** issue of connecting to an F** to 10.****** network .
I added the entry " network ******* " b**.c*** as
And use nc to listen …

I know i am missing something here …Am i in the right direction .It would be great if you give me a hint

thanks