Carrier

Could you please show me a direction in privesc for carrier ?

I read about B** and A* .I understand that we have 3 As and our machine is in A1** …

Its using q***** service with B** …
I read from the t****** and found about the V** issue of connecting to an F** to 10.****** network .
I added the entry " network ******* " b**.c*** as
And use nc to listen …

I know i am missing something here …Am i in the right direction .It would be great if you give me a hint

thanks

Hi
I think I am very near …
I have the f** req captured using nc …I tried setting up p***** F** ser*** . but couldnt succeed…tc**** is not showing any data

Any help is appreciated ! My head is burning LOL

Wow …What a machine …
Finally rooted with help from many …
Learned a lot …Happy that i could root this !!!

Happy to help

Hardest box I’ve been doing so far. Finally rooted that b*tch. Thanks a lot to @snowscan for making this, I learned a TON of new stuff.

User is easy and there is plenty of hints already in this thread ; as for root, there are quite a few gotchas on the way to root.txt.

Some things that messed with me for some time : if you change the .conf of a service, be sure to write it and/or to restart the associated service so it gets accounted. Also, interface changes can be your friend. And last, but not least : be polite, say HELO.

Thanks a lot to @f1ndm3 and @Downloading for confirming I was on the right path, as well as @Xess , with whom it was quite fun to work :slight_smile:

Hii! I need some help with user.txt. I had access to panel administrator, i can see the page: diag******* and the check parameter. ??

Type your comment> @capitantrueno said:

Hii! I need some help with user.txt. I had access to panel administrator, i can see the page: diag******* and the check parameter. ??

R**
Close attention to the parameter value . ?
you have a good base

Type your comment> @Gh05tR1d3r said:

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

EDIT: Got ‘user.txt’ now. Thanks to @sillydaddy daddy and @Xess for the advice.

That was a mission finally rooted!! Thanks for all the hints and help on this one!

Type your comment> @Patapinh0 said:

Hardest box I’ve been doing so far. Finally rooted that b*tch. Thanks a lot to @snowscan for making this, I learned a TON of new stuff.

User is easy and there is plenty of hints already in this thread ; as for root, there are quite a few gotchas on the way to root.txt.

Some things that messed with me for some time : if you change the .conf of a service, be sure to write it and/or to restart the associated service so it gets accounted. Also, interface changes can be your friend. And last, but not least : be polite, say HELO.

Thanks a lot to @f1ndm3 and @Downloading for confirming I was on the right path, as well as @Xess , with whom it was quite fun to work :slight_smile:

It was a pleasure to struggle together haha! :slight_smile:

@Gh05tR1d3r said:
Type your comment> @Gh05tR1d3r said:

I’m not going to give up on this box. Despite spending way too long staring at the screen.
I have access to the webpage and I feel like I need to inject some code, via burp, into the d**g page. This is where my lack of experience is starting to show and is where i need some assistance progressing to ‘user.txt’
I’d rather not be told the answer as I’m here to learn, but if there is something I can read that may lead me the way or if someone can give me a little nudge in the right direction I would be grateful. Feel free to drop me a message.

Many Thanks

EDIT: Got ‘user.txt’ now. Thanks to @sillydaddy daddy and @Xess for the advice.

Anytime! :slight_smile:

Hmmm, so I have the SN but it doesn’t seem to be working to login to the page? Any ideas

Having a lot of troubles with what needs to be done next after getting user.txt.

I have tried using reverse shell codes cheat sheet and tried to input it into the check perimeter. However, it is not executing and I can’t listen to it on my kali linux. Is there anyone that can help me out?

Type your comment> @RyanW18 said:

Hmmm, so I have the SN but it doesn’t seem to be working to login to the page? Any ideas

Do not include the SN in the password and it will work if your username is the correct one.

Type your comment> @Ryzeros said:

Type your comment> @RyanW18 said:

Hmmm, so I have the SN but it doesn’t seem to be working to login to the page? Any ideas

Do not include the SN in the password and it will work if your username is the correct one.

Was a classic layer 8 issue. Had a character on the end of the password which shouldn’t have been. Got a shell onto the machine however for the last hour I can’t figure out how to maintain access via an ssh account or anything lol

logged in successfully but have no idea on what to do now.
can anyone guide me?

Think I have a rough idea on how to get root but unable to actually do it or know when to start. hmmm

I think I’m pretty close, but yet so far. I’ve edited the B** conf and restarted the service, checking in VT*** show I’m the preffered one, and i’m waiting for packets, but not sure how can I make the F** client to init the connection to get the sweet stuff.

Can someone give a hint? thx!

btw, I see packets but without the sweetness, maybe other people trying to connect…

Not able to login with a**** : S*************. Is it just me or others are also facing same issue?

Type your comment> @vno said:

Not able to login with a**** : S*************. Is it just me or others are also facing same issue?

check without S***

Ughhhhh. It’s over…root at last.

This was an amazing box, I’ve learnt so much over the last three pain filled days.
Big thanks to @snowscan for making me question 10 years of network engineering
and thanks to @Xess for reassuring me I was on the right track.

If anyone has any networking related questions or doesn’t quite understand what they’re trying to achieve post RCE, feel free to PM me. I’m more than happy to help.