Carrier

Type your comment> @izzul said:

I managed to login using serial number but now i stuck what to do next :frowning:

Check out what pages you have available and figure out how they might work

Hi i got user.txt already but im having trouble getting a reverse shell. I tried using p***** and n* but i can’t seem to catch a shell

Got user on the box, got an interactive shell, but having trouble with root. I’m guessing I need to change the b** protocol, but I’m a bit unsure about where to go with this. I’m thinking the t****** page is a hint at how to reconfigure things?

Hi after reading a few page on the forum I can not figure out my nmap scan… 161 is close and I try sever types of scanning so what’s going wrong? Any hint should be appreciated thanks

Founded lol waiting 20 min for a scan

Type your comment> @skyghost666 said:

Hi after reading a few page on the forum I can not figure out my nmap scan… 161 is close and I try sever types of scanning so what’s going wrong? Any hint should be appreciated thanks

Founded lol waiting 20 min for a scan

masscan is good to find all open port. quickly 2 ~3 mins .then you just need nmap scan port service .

I’m trap with s…w… IN enumeration I found SN#N…but I don’t find the way to exploit that any hint should be appreciated thank you

Enumerated ports, services, site, etc. Read docs. Got SN*. Still unable to login. Site seems to hang after inputting credentials :confused:

Can any point me in the right direction? I have an interactive shell and have modified the b** config. I havent been able to capture the traffic locally and havent been able to forward the traffic to my box.

I think I almost have rotting this figured out. Could someone give me a hand? I am b** h******** and seeing an f** 3-way handshake, but no data.

EDIT: Nevermind- rooted. Be wary of poor network conditions.

Nevermind- rooted. Be wary of poor network conditions.

Hey all, I’ve been able to log into the web page with the correct credentials, and I am working with burp suite for the RCE. I’ve found Check=******* that people have mentioned but I am unsure of where to go from here. Any help would be appreciated. Feel free to DM. Still trying to get that user.txt.

anyone up to help me out with b** h******** portion? I’d like to get some feedback on my approach. I have owned system already just not sure how or why

Gotaccess to web app, cant seem to figure out changing the parameter to execute rce. Do you need to modify both the Name and value or simply the value of Ch***? Feel free to DM me

For root, I was pretty close for many hours and pulling my hair out and was missing one step after configuring b**. My hint is below, hopefully its vague enough not to be considered a spoiler.

Remember when doing b** h********, you have to actually be able to provide the services you’re advertising.

hints for PrivEsca

@0xMohamed I’m right there and I see data for that service. I dont see a password or any files being transferred. I’m trying to capture it in pcap. I dont know why I can only see partial data for that service.

Rooted! After 2 days of struggle… This got to be my favorite box, learned so much! If someone need help just PM me.

Holy cow! Took me 2 days too. Thanks to @snox for the tip. Pay attention to @0xMohamed’s advice.

The root part has been kicking my ass for a day and a half. Makes me painfully conscious about the need to seriously brush up on my networking skils.

Changed stuff in b***.cf according to that f port in the T*****s page, tried catching the result with n*, tried with tc****p … but nothing is showing up yet.
I know I’m really close, but I must miss a detail either in that file, or in the way I’m listening to stuff.

Any hints in PM ? Would love to check my B** h*******g logic, as I feel it might be too simple or missing something.