Carrier

Type your comment> @clmtn said:

Type your comment> @DrinkACoffee said:

I’ m trying to get user.txt. I am logged in as admin in the console. Not sure what to do next?

One of the pages should contain some output that’s similar to a command used in Linux environments. Try see what it’s doing and whether you can change its behaviour.

got any thing?

I managed to get user but now stuck on ftp part.
found a server but doesn’t have credentials for this.

I understand I need to get to the f** server but I’m unsure how I can do that. Any hints would be greatly appreciated I’m not too familiar with networking

Thanks in advanced

Type your comment> @laxudope said:

Type your comment> @clmtn said:

Type your comment> @DrinkACoffee said:

I’ m trying to get user.txt. I am logged in as admin in the console. Not sure what to do next?

One of the pages should contain some output that’s similar to a command used in Linux environments. Try see what it’s doing and whether you can change its behaviour.

got any thing?

I managed to get user but now stuck on ftp part.
found a server but doesn’t have credentials for this.

you can pm me we can work the rest of this together you want I havent found the f** but I am root and can redirect the traffic so I will need a nudge as well I am unsure about a few things if someone that rooted this or got this far can assist I am at the root@rtr1 and understand vt***

You remember the sound from JAWS ? when the shark is chasing the people carrier I am coming for your root lol! :slight_smile:

Ok guys quick question does this go as far as local_pref or as path prepending or are we just doing a simple sub prefix hi***k?

if that’s the case I wonder if just modifying the interface like a friend of mine on here was told and gave me the hint we are sort of working this together.

as in B** when you announce a prefix via a directly connected interface in quag** doesn’t that internally set the next-hop to our asn?

what I am wondering is do we have to do any pre routing modification or does that flag show up in that skeleton pcap once you redirect it I am just wondering how irl like this is

as I am working on some code to pull off this famous attack but I am a little confused on a few pieces can someone with more knowledge of b** contact me via pm so I can roll some non challenge related questions at you?

Can anyone help me with what to do next after login to web app . as i’m not able to find any parameter in burp while intercepting . some one please guie me i’m stuck .!!! :frowning:

Type your comment> @parteeksingh said:

Can anyone help me with what to do next after login to web app . as i’m not able to find any parameter in burp while intercepting . some one please guie me i’m stuck .!!! :frowning:

Continue searching, you are missing something.

Hi
Could someone help me with the initial foothold?
I think I’m on the right track but I just don’t get any login creds. I just want to know what I’m doing wrong.

Type your comment> @Fluxx79 said:

Hi
Could someone help me with the initial foothold?
I think I’m on the right track but I just don’t get any login creds. I just want to know what I’m doing wrong.

Recommendation: Enumerate until you get something.

Hi,I am stuck in the enumeration part. Is page and directory enumeration the way ? because it takes too long.

Hi, i just got the user.txt but i’m stuck on the root privesc , i try some enumeration on the network part , but that thing was overwhelming , can anyone redirect me the right path ??

Hi, I’m new to htb and trying my first box carrier. I’m stuck on how to get the reverse shell. Trying to parse Di***c page and I’m sure information is hiding behind qu and b**, but I have scratching my head since long how to proceed further. Please help!!!

Any tips on the root side. I have user and investigating the routing configs but without success so far.

Type your comment> @8032 said:

Any tips on the root side. I have user and investigating the routing configs but without success so far.

Could you please help me with shell?

the base of this challenge is to teach you how a device can leak its info and how to get that. It also teaches you how to read between the lines, once You have done that it is your job to find a parameter to conduct a remote code execution attack

guys for all wondering this if it was real could be considered a 0 day a few of them

so this is by no means a box for people that do not know how and why command execution can happen!!!

You should understand how the code is made just by succeeding.

If not go google no one here can help you learn something that is not attainable at your skill level

that is not meant as a disrespectful statement. That’s like going to a school hey I am a teacher this is easy than flopping when a 8th grade student asks you how to multiply a polynomial

Than it gets worse You guys want someone to explain to you how to partially pull of an attack demonstrated at Defcon lol

there is a reason this is hard it requires you to understand networking zero day development and discovery as well as network administration

I again do not mean to demean anyone or anything like that this challenge answered allot of questions I had I loved every second of it

A few people gave me help and pointers and I helped others this was a fun experience but requires a level of knowledge no one here can assist you with

take about 6 months google bg* and Cisco and Routing and networking and basic Linux sysadmin and ■■■■ than come back and ask for help.

Thanks for the cool machine snowscan! Got user in about 30 mins and privesc took about 11h with all the research and ironing out the kinks to finally get it to work. I knew in theory what I had to achieve early on but couldn’t get it to work in practice which made the hours all the more frustrating but the perseverance paid of in the end.

i don’t understand, am i supposed to banging my head against the wall in every machine!? even if it’s easy?!,
I got the creds but it didn’t work on the login page !?

Hello all,

So far got the user.txt now looking for the root.txt. I’ve seen the routes but can’t figure out how to add it to the bp conf and then intercepting the traffic. A little help would be appreciated.
Edit : configured all but tc
***p doesn’t seem to intercept

Stuck on root.txt. I have a pcap from t****p and credentials for the f** server. Stuck on what to do next as there is nothing on the f** server.

edit: Got root!!!

logged in to web app and stuck
any lead?