hmm
Any help on decrypting the co**C****.xml?
I’ve been trying with a Metasploit module and an rb decoder I found online but nothing seems to work.
EDIT: Rooted. Great VM. I really enjoyed it and found out a couple of Windows-related things that I didn’t know. Thanks @L4mpje.
To those that have this issue: just download what you need locally and search on Google for ways of looking up the password using the program linked to the xml file.
Feel free to PM me for hints
@DameDrewby said:
@bashocker said:
Frustrating box for us new at pen testing. I can only mount the large vhd but not the small one. Any suggestions?
That’s the only one you should need
Thanks! I have been trying to figure this part out for no reason
I need a nudge. I have the x*l file and saw to use decryptor but cannot get it to work for admin password.
Just got root only using linux vm, nice box @L4mpje!
I’ve been reading the forum and saw everybody mentioning that root would be difficult. Sometimes you should use some Google hacking to get better results. I can tell you there is a very useful snake script to decrypt a certain password. Only a base64-looking string is needed.
Rooted! Did everything in Kali, no need for the Windows VM. Just look into mounting in Linux.
User: After mounting you have everything you need. Look for the Windows equivalent of /etc/*
Root: Look at the Programs, Research ones you don’t know.
Feel free to PM me if you need a nudge.
I’m having this issue trying to decrypt the CC.*ml with 0xNoOne’s script… any idea how I can fix it? Thanks!
  File "mremoteng_decrypt.py", line 49, in <module>
    main()
  File "mremoteng_decrypt.py", line 45, in main
    plaintext = cipher.decrypt_and_verify(ciphertext, tag)
  File "/usr/lib/python3/dist-packages/Cryptodome/Cipher/_mode_gcm.py", line 504, in decrypt_and_verify
    self.verify(received_mac_tag)
  File "/usr/lib/python3/dist-packages/Cryptodome/Cipher/_mode_gcm.py", line 456, in verify
    raise ValueError("MAC check failed")
ValueError: MAC check failed
@zfyra
Check your DM
Kind of stuck at the moment with the root portion. Firstly, this is my first box so I am not as knowledgeable. I am fairly certain I know of the weak link on the system but not sure how to implement the .py, which I ‘think’ is correct, on the Windows system, if that is even what I need to do. I would like to keep using Linux if possible and not resort to a Windows emulator. I read people using the mr*r but I am unfamiliar with it and can’t seem to figure it out. If someone could PM me I would greatly appreciate it.
Edit: Figured it out. Fun box, a lot of stupid mistakes on my part. Thanks @L4mpje!
Cheers @L4mpje for forcing me to learn some basic Windows enum. This was my first Windows machine. Just rooted with Linux only, no need for a Windows VM. Note all the hints have been mentioned: just enum + think + decrypt + Google.
Rooted. Thanks @L4mpje. It’s a nice box.
User: Enumeration and mount
Root: Enumeration and research
Feel free to PM me for hints
I cracked the HASH from the S*M Database. Now I am stuck. Please give me a hint.
Good box.
User: Mounting all the things is the way to go, once that’s done, just extracting and cracking files is enough and can be done without much system resources.
Root: This one had me stumped for a while. Turns out, I missed one of the flags in a script that I had found earlier that proved useful. This box CAN be rooted without a Windows VM.
Could anyone PM me how they cracked the passwords after extraction? I can’t get HC or Jonny to play ball
I am totally new here. Please, I need help to solve the box.
@sebaileyus said:
Could anyone PM me how they cracked the passwords after extraction? I can’t get HC or Jonny to play ball
Buddy, it is very simple (I was stuck for a while): use the py script on this forum… don’t put Jonny to play…
I just rooted! Thanks @L4mpje I learned a loooooottt.
Need a nudge on SSH… Anybody?
User’d and root’d,
tons of fun, not sure if you ever find this in the wild but a very interesting box!
Usered and rooted Bastion today. It was a really interesting and fun box to hack, much easier after the “Heist” though. Thanks for the efforts @L4mpje!