Carrier

hints for PrivEsca

@0xMohamed I’m right there and I see data for that service. I dont see a password or any files being transferred. I’m trying to capture it in pcap. I dont know why I can only see partial data for that service.

Rooted! After 2 days of struggle… This got to be my favorite box, learned so much! If someone need help just PM me.

Holy cow! Took me 2 days too. Thanks to @snox for the tip. Pay attention to @0xMohamed’s advice.

The root part has been kicking my ass for a day and a half. Makes me painfully conscious about the need to seriously brush up on my networking skils.

Changed stuff in b***.cf according to that f port in the T*****s page, tried catching the result with n*, tried with tc****p … but nothing is showing up yet.
I know I’m really close, but I must miss a detail either in that file, or in the way I’m listening to stuff.

Any hints in PM ? Would love to check my B** h*******g logic, as I feel it might be too simple or missing something.

thought I was finished but it’s time to try harder

Finally rooted. Thanks to @siryarbles :slight_smile:

Just had a conversation with someone on port 21. That was fun ¯_(ツ)_/¯

So crowded, it’s just a pain to root it :scream:
Resets / network mess… man, the hardest part is not to root it but find the right hour to work on it XD

Really stuck on this i understand the attack needed to be done. When I make changes, host a service for a connection nothing happens. Not sure what I’m doing incorrect. Finding this box really hard…

Edit: not to worry i got it! Hint if you know the attack and you know what service is needed you need to ask yourself what is the VIP calling to and how can i get him to come to me if that makes much sense haha

I have the root password but cant do much after logging into the service. Can someone lend a hand?

Deleted comment.

I’ve found and can modify check= but I can’t seem to execute anything. Not even the simplest of commands. I’ve tried different techniques but getting nothing back. Any hints?

@i4n said:
I’ve found and can modify check= but I can’t seem to execute anything. Not even the simplest of commands. I’ve tried different techniques but getting nothing back. Any hints?

It seems to break often on the public server, hence all the resets. Sometimes, the “Verify Status” button on the Diagnostics page doesn’t even return anything.

I’ve captured it several times in Burp and I only see check=, should there be more?

@i4n said:
I’ve captured it several times in Burp and I only see check=, should there be more?

Yes, there’s supposed to be an initial value for check.

Type your comment> @SolSanctum said:

@i4n said:
I’ve captured it several times in Burp and I only see check=, should there be more?

Yes, there’s supposed to be an initial value for check.

Oh yeah, I know what you are talking about and it’s there. I thought you meant there was another parameter.

Just finished this box completely. I believe that @snowscan could have added an extra layer to this challenge since he had other containers to play around with.

Great job, @snowscan! Loved the challenge!

EDIT: Looking back, it makes total sense why secretdata.txt is there. Brilliant!

@i4n are you still working on the user? That check value you are working is the key. You just need to tweak it. DM me if you need a push.

@i4n Currently in the same position as you right now. I’ve found the parameter and have tried tweaking it but to no avail. Have you had any luck? I have a sinking feeling that my syntax is just wrong or something but I’ve tried everything I can think of. Guess I just need to try harder! Feel free to DM me if you want to brain storm.