HackTheBox - Carrier

2ZxRA8BgmnA/default.jpg

00:53 - Begin of Recon
03:30 - Checking out the Web Page
04:20 - Doing UDP/GoBuster Scans
08:20 - Running SNMPWalk and then logging into web interface
10:20 - Reading the tickets on the web page
12:00 - Discovering code execution
16:00 - Reverse Shell Returned
23:15 - Discovering FTP Server 10.120.15.10
26:00 - Gaining access to a Router Interface
27:30 - Using Draw.io to draw out the network
32:40 - Examining routing information
35:45 - Looking at BGP Information
39:00 - First attempt at BGP Hijack, advertising a route
43:30 - Did not work, examining routing loop.
50:50 - Blocking the routing advertisement to AS300
56:50 - Showing the new routing loop (AS300 sends to AS200)
01:00:00 - Telling AS200 not to advertise the route to AS300
01:04:00 - Grabbing FTP Traffic to get root password
-- Extra Content
01:07:00 - Logging into all 3 routers for some fun
01:08:50 - Hiding from TraceRoute by mucking with TTL's
01:13:20 - Redoing the attack, but showing routing tables on all routers
01:17:30 - Unintended route, Just adding an IP to eth2

2ZxRA8BgmnA/default.jpg
HackTheBox - Carrier HackTheBox - Carrier Reviewed by Unknown on March 16, 2019 Rating: 5