Carrier

@i4n Currently in the same position as you right now. I’ve found the parameter and have tried tweaking it but to no avail. Have you had any luck? I have a sinking feeling that my syntax is just wrong or something but I’ve tried everything I can think of. Guess I just need to try harder! Feel free to DM me if you want to brainstorm.

I managed to log in and get c*****d e*******n but I can’t get a shell, I can only use commands through the bug I found, any hint? (I also tried a lot of reverse shell cheat sheets)
P.S. I got the user flag, I just want a shell to better operate…

Could someone PM me for a few questions about the RCE? I’m stuck at that… Still a newbie. I understood everything till that point

I got off to a blazing start and got user pretty quickly before hitting a brick wall. I had most of the parts together in my mind, but massive difficulty in putting them together. All in all, this was a fantastic challenge. I feel like I’ve learned more over the past few days than in the last year combined, and I’m very happy to have some experience with a new (to me) protocol under my belt. Massive thank you to @snox for helping me out! I love a challenge like this, where you come away with an understanding of something new, but more importantly, what areas I need to focus on. Hats off to @snowscan for creating this!

Mark me down as another one of those that has RCE, but is having trouble getting a shell to be more efficient/figure out what to do next. I’m pretty new to all of this, so wouldn’t mind some tips!

Edit: of course I figured it out ten minutes after posting this.

After another big chunk of work I finally popped user. Turns out I was on the right track but overlooked a very simple concept. Turns out the answer for the RCE was staring me in the face. Thanks for all the help everyone!

@potatoman97 said:

I have no idea where to go after getting access to the admin console

pm me

If anyone needs a hint for user, PM me …

I am stuck at root … I don’t have much knowledge of networking and all … should I try rooting? Spent some time but reaching nowhere … any hint is appreciated … thanks

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where I need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

@Gh05tR1d3r said:

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where I need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

You’re on the right track, look at the parameters of your burp intercept, and check this out: Reverse Shell Cheat Sheet | pentestmonkey

Feel free to PM me :)

Rooted, Best box so far! :)

@Gh05tR1d3r said:

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where I need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

Hi
Do not give up … If you still need some direction pm me

thanks

Is tcpdump working correctly on the Carrier box?
I am not seeing any packets when I ping the IP from another shell of the same machine

Could you please show me a direction in privesc for Carrier?

I read about B** and A*. I understand that we have 3 As and our machine is in A1** …

It’s using q***** service with B** …
I read from the t****** and found about the V** issue of connecting to an F** to 10.****** network.
I added the entry " network ******* " b**.c*** as
And use nc to listen …

I know I am missing something here … Am I in the right direction? It would be great if you give me a hint

thanks

Hi
I think I am very near …
I have the f** req captured using nc … I tried setting up p***** F** ser***, but couldn’t succeed … tc**** is not showing any data

Any help is appreciated ! My head is burning LOL

Wow … What a machine …
Finally rooted with help from many …
Learned a lot … Happy that I could root this!!!

Happy to help

Hardest box I’ve been doing so far. Finally rooted that b*tch. Thanks a lot to @snowscan for making this, I learned a TON of new stuff.

User is easy and there are plenty of hints already in this thread; as for root, there are quite a few gotchas on the way to root.txt.

Some things that messed with me for some time: if you change the .conf of a service, be sure to write it and/or to restart the associated service so it gets accounted. Also, interface changes can be your friend. And last, but not least: be polite, say HELO.

Thanks a lot to @f1ndm3 and @Downloading for confirming I was on the right path, as well as @Xess, with whom it was quite fun to work :)

Hi! I need some help with user.txt. I had access to panel administrator, I can see the page: diag******* and the check parameter. ??

@capitantrueno said:

Hi! I need some help with user.txt. I had access to panel administrator, I can see the page: diag******* and the check parameter. ??

R**
Close attention to the parameter value . ?
you have a good base

@Gh05tR1d3r said:

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where I need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

EDIT: Got ‘user.txt’ now. Thanks to @sillydaddy daddy and @Xess for the advice.