Carrier

I got User.txt but I stuck on priv escalation. Guide me brothers.

@aungkyawphyo said:
I got User.txt but I stuck on priv escalation. Guide me brothers.

Remember the info graph and think about how you need to deal with a setup like that!

Hello, can someone please give me some hints about root? I’ve got the reverse shell, looked at the ip routes but I can’t think about a “game plan”… any hint is allowed :slight_smile:

@D3f3nd3r said:
I get this error message:
“bash: cannot set terminal process group (801): Inappropriate ioctl for device
bash: no job control in this shell
bash: 0: No such file or directory”
i tried many times i don’t know what i am doing wrong.

I’ve seen that a few times. Sometimes I have to try a different reverse shell technique or list the full path of the programs I’m using to attain the reverse shell. Try to locate where the tool you’d like to use is, then list the full path to it vs. just calling the tool by name.

got root originally but not the right way.

edit: thanks to a number of individuals who pointed me in the right direction to do it the right way.

also this link helped, once you understand the service you can unmask the stars https://www.nongnu.org/q*****

really learnt something from this box, so it gets my vote!

I got root shell but can only see user.txt, is there something i’m missing ?

off topic : that box brought me to gns3 and cisco routers. I recommand to watch videos about gns3 after you finished the box, it’s very interesting.

can somebody help me with root - i’m a little bit lost with the network stuff and don’t know where to start with my research…

Hey guys, total noob here. Have been trying to get user.txt on this box and am stuck on the RCE. If anyone could PM hints or suggest resources to help me learn basics of RCE it would be greatly appreciated. Thank you all and happy hacking!

Can someone please DM me for a sanity check? I had user a long time ago and took a break when I was struggling with root. I cannot get my low priv shell to pop again to save my life!

I see some people are finding a ‘simple’ port in their nmap scans… but everytime i scan for 1** it comes back as closed, even straight after a reset…

Ok. I do not get it. I changed the b** configuration. I do get F** traffic to the corresponding host. But no credentials came by. Am I missing something?

need help I successfully logged in to the admin panel but need hind about what to do to get user.txt by “check”

Most useful advise here I could give about privilege escalation is to enumerate the service everyone’s referring to and look at some youtube clips regarding b** h******* to get familiar with the commands and v***** interface. Also it took me days to figure out that nc can’t simulate an *** daemon, so you’ll have to set up one yourself or do manual responses with nc like someone already advised, personally I used a python script I found on github. A tough box, but learned lots of stuff about networking! Next step is to find a decent book to get a bit more familiar with this stuff, any recommendations someone might have would be welcome.

All I can say is if you believe you know the privilege escalation attack vector and sure of it keep trying, you’ll get to it eventually.

Also look at s4rgey’s comment.

Before I go down a rabbit hole, can I get the s***** number i’m looking for by enumerating s**p . I’ve tried some basics and i’m getting nothing more than an ip back

scratch that - found it. Misusing tools :slight_smile:

Can I get a hint how to proceed? I have web login, i’ve gathered some network info from the tickets page but nothing seems to live on any of the /24s , I’ve read there’s a cve and have found some candidates but I believe I need a shell first. I can’t find any mechanism to upload a file or kick off any processes in the php pages. I know i’m missing something, I’m just not sure what!

I need some help on the reverse shell command. I’ve figured out RCE but cannot for the life of me find a working reverse shell command.

-deleted- Just machine unstable

I need a little hint… I’m not sure if I’m stuck in a rabbit hole. I got user and now working on root. Is it safe to assume that I need a shell on carrier to get root?

Type your comment