Carrier

@TheInnocent said:
rooted. My hints for this box:

  • for user, don’t stop at the very first nmap scan, use full potential and enumerate every service. Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell

  • for root you don’t have to do much but you’ll have to KNOW much about a certain service. First thing, run enumeration scan, then try to read as much as you can about how things like that work

"Reading everything in the web portal will help. Once inside, try to play with the only interesting parameter you see in burp to obtain a shell. "
love you Bro you save my time. it took 15-30 munites to identify .

@shaboti said:
Enumerate port 1*1 and get SN…, try to use it as pwd for login but no success? Any hint >please!

I am in the same, can anybody give me any hint ?

@nutss said:

@shaboti said:
Enumerate port 1*1 and get SN…, try to use it as pwd for login but no success? Any hint >please!

I am in the same, can anybody give me any hint ?

Just create password list from what you got with a different combination and try it.

@Lucyn said:

@nutss said:

@shaboti said:
Enumerate port 1*1 and get SN…, try to use it as pwd for login but no success? Any hint >please!

I am in the same, can anybody give me any hint ?

Just create password list from what you got with a different combination and try it.

That’s not really necessary - you just need to consider that maybe part of the string you got isn’t the value, but the key.

Hello, i cant login into the app even though i found the ‘special string’. I know people say its easy but I am stuck in this for a day so any help would be appreciated.
Thanks

Hey guys I did the login, now I am in the web app, but I don’t know much about web applications, I used burp to intercept de requests and it show me the *** parameter, should I try to make a sql injection or anything like this ? If you have any hint, internet tutorial or video on youtube to the next step I will be grateful!

@nutss said:
Hey guys I did the login, now I am in the web app, but I don’t know much about web applications, I used burp to intercept de requests and it show me the *** parameter, should I try to make a sql injection or anything like this ? If you have any hint, internet tutorial or video on youtube to the next step I will be grateful!

Check you Inbox

Getting was pretty simple and fast, then I’m now on the way to root.txt.
I’ve setup a reverse connection and enumerated many config files and try to understand how qa works, used v console as well but can’t figure what is the next move to do
if anyone having resolved the step can give me a bit of explanation, it will be great, I don’t want a spoil but a way to the good direction

I enumerated the port, and found the S**** string , dont know how to login in to the app, stuck here from past few days, please help.

Any hints on how to get root after getting the shell? Stuck.
Is it something to do with Quagga Bgp ?

Hey Guys,

Got RCE but I’m stuck at shell. Tried a bunch of things with ch**k variable (e.g nc), no luck.

Can someone give me a hint in private or is available to discuss the machine?

Thanks,


Got it, trying to get root now. If someone wants to discuss the machine, pm.

is the box down?

Finally, I got root. It was not easy. Thanks to @roastymaus , @The5thDomain and @marine for helping me out. I am not sure this would consider a spoiler, but for priv esc you can search for “b** q****a attack” and click on the first link on google. That should give you a start

FINALLY!!! Get both missing txt :-)) Thanks a lot to @5N1P3R and @jreeves :slight_smile:

Hi,
I got a basic nc shell via the admin panel but it’s very limited and i’ve been trying to upgrade to a more complete one but to no avail.
Am i wasting my time or should i continue in that path ?

The guy that is canceling all my resets stop please. The machine is broken

@novak said:
Hey Guys,

Got RCE but I’m stuck at shell. Tried a bunch of things with ch**k variable (e.g nc), no luck.

Can someone give me a hint in private or is available to discuss the machine?

Thanks,

Same stage as you - did you have any luck? PM me if you want to avoid giving spoilers

Can someone PM about root? I know what I have to do and I have set up the scenario locally using docker and have successfully achieved what I believe I need to do. However i’m struggling to figure out how to apply this to the actual machine

I got the user flag but I have no idea what to do about privesc. I’m trying to piece together the clues from the site and this thread but I haven’t messed with networking since I took some Cisco networking classes years ago. Can anyone provide me a good link to things I should know for this box?

@shaboti said:
Logged in and now playing with diag, it was returning some output, not it is not returning anything (even with the default encoded q…ga param.

any idea, what could be the problem?
Thanks

EDIT: It works again !

I could sure use a hint on this? I’ve tried substituting (encoded) everything I can think of in this place, but not able to get past it.

EDIT: Well… I got a “root” shell, but not really…