Carrier

can somebody help me with root - i’m a little bit lost with the network stuff and don’t know where to start with my research…

Hey guys, total noob here. Have been trying to get user.txt on this box and am stuck on the RCE. If anyone could PM hints or suggest resources to help me learn basics of RCE it would be greatly appreciated. Thank you all and happy hacking!

Can someone please DM me for a sanity check? I had user a long time ago and took a break when I was struggling with root. I cannot get my low priv shell to pop again to save my life!

I see some people are finding a ‘simple’ port in their nmap scans… but everytime i scan for 1** it comes back as closed, even straight after a reset…

Ok. I do not get it. I changed the b** configuration. I do get F** traffic to the corresponding host. But no credentials came by. Am I missing something?

need help I successfully logged in to the admin panel but need hind about what to do to get user.txt by “check”

Most useful advise here I could give about privilege escalation is to enumerate the service everyone’s referring to and look at some youtube clips regarding b** h******* to get familiar with the commands and v***** interface. Also it took me days to figure out that nc can’t simulate an *** daemon, so you’ll have to set up one yourself or do manual responses with nc like someone already advised, personally I used a python script I found on github. A tough box, but learned lots of stuff about networking! Next step is to find a decent book to get a bit more familiar with this stuff, any recommendations someone might have would be welcome.

All I can say is if you believe you know the privilege escalation attack vector and sure of it keep trying, you’ll get to it eventually.

Also look at s4rgey’s comment.

Before I go down a rabbit hole, can I get the s***** number i’m looking for by enumerating s**p . I’ve tried some basics and i’m getting nothing more than an ip back

scratch that - found it. Misusing tools :slight_smile:

Can I get a hint how to proceed? I have web login, i’ve gathered some network info from the tickets page but nothing seems to live on any of the /24s , I’ve read there’s a cve and have found some candidates but I believe I need a shell first. I can’t find any mechanism to upload a file or kick off any processes in the php pages. I know i’m missing something, I’m just not sure what!

I need some help on the reverse shell command. I’ve figured out RCE but cannot for the life of me find a working reverse shell command.

-deleted- Just machine unstable

I need a little hint… I’m not sure if I’m stuck in a rabbit hole. I got user and now working on root. Is it safe to assume that I need a shell on carrier to get root?

Type your comment

To start off I’m new to the hacking scene, i got alot of networking and some programming with me in to this! I’m pretty stuck at the moment i would say! I did get user pretty fast with the hints on the forum, but I’ve got real problems with the b** (familliar and have worked with the protocol) stuff. At the moment i dont see a way forward, I have read the configuration multiple times and tried som stuff to route me the traffic but nothing has worked… This might be due to me not having worked with kali that much and all of its capabilities but what would I know! I would love some hints/tips from the experts on here! :slight_smile:

Type your comment> @GeorgieH10 said:

To start off I’m new to the hacking scene, i got alot of networking and some programming with me in to this! I’m pretty stuck at the moment i would say! I did get user pretty fast with the hints on the forum, but I’ve got real problems with the b** (familliar and have worked with the protocol) stuff. At the moment i dont see a way forward, I have read the configuration multiple times and tried som stuff to route me the traffic but nothing has worked… This might be due to me not having worked with kali that much and all of its capabilities but what would I know! I would love some hints/tips from the experts on here! :slight_smile:

  1. you mainly need to figure out b** h***** method, ask Pakistan
  2. linux network commands

Type your comment> @peek said:

Type your comment> @GeorgieH10 said:

To start off I’m new to the hacking scene, i got alot of networking and some programming with me in to this! I’m pretty stuck at the moment i would say! I did get user pretty fast with the hints on the forum, but I’ve got real problems with the b** (familliar and have worked with the protocol) stuff. At the moment i dont see a way forward, I have read the configuration multiple times and tried som stuff to route me the traffic but nothing has worked… This might be due to me not having worked with kali that much and all of its capabilities but what would I know! I would love some hints/tips from the experts on here! :slight_smile:

  1. you mainly need to figure out b** h***** method, ask Pakistan
  2. linux network commands

Thanks Peek! Yeah I read about it before my last post, I believe I understand it as well and i have tried to figure out how to practically apply what i’ve read in this scenario but without any luck. could you point me in the right direction, documentation on how to do it, what is needed on the attacker side (my own b** a*?, specific rs?, py server? and so on… I think that the main problem is the methodology to actually carry it out.

Im in the same spot as @GeorgieH10 i can execute commands and get results but cant get an interactive shell. I would expect i need a shell to start changing b** config using their tty utility but im obviously missing something. Im curious what other people have done.

i dont think that you are at the same step. pm me

Rooted. Amazing machine @snowscan . Thank you for the nudge @peek

Hey, I have the shell on the system and see the diagram and the conf files… but I am very confused on how this network works and what all the traffic is. Could somebody help me get a better understanding of what I am looking at from a high level so that I can figure out what to do next? I am very new to networking.