Cascade

Thanks @VbScrub ! I really enjoyed it. ?

Thanks to @salt for giving me that useful hint for the last step of the initial foothold (really don’t know why I overthink that hex), anyway. Really cool box, enjoyed the manual enumeration and I can confirm that it is not necessary a Windows VM, with the evil friend and a useful Windows built-in module you can get it

More Hints

User

  • Sometimes a person can hide things
  • It is not a simple encoding

Root

  • Maybe the famous spy can help you
  • Tomb Raider

Hope not giving to much hints, remove the post if it is

I am having a really hard time getting access to ac user from ssh. I feel like it has something to do with the A***t.db file but cannot seem to find anything of importance. I am pretty sure I know what to do to get root afterwards but really struggling with this third user credential info. Any tips would be really appreciated, currently feeling kinda stupid based off how easy everyone else is claiming it to be.

EDIT: I think I understand now.

Finally Rooted.

User

  • Enumerate all the services which you might usually leave out, because generally they don’t give out much information. However, in this case there is some information that will give you access to enumerate further. Keep enumerating till you you’ve exhausted all the files accessible on the system. Keep a close eye on the files, always search for juicy keywords don’t just eyeball, you are bound to miss something important (like me).

Root

  • Dead people do have hidden secrets which can be extracted without black magic.

Please reach out on discord for help: jtnydv#5773

Thanks.

PS: Report if revealed too much.

Woot woot… that was a wild ride man.
Great box… it sucked my soul in for two days.
Thanks for the tips from @salt and others!

Now to get it to take muh hash!

This machine is really a professional one, I think this is not orange…
I think this is orange++ or red-.

no hints on user, too many nudge was given in this forum.

root:
don’t forget to re-enum (always!) with each credentials you found;
RE is really simple, move like Neo and go toward where all things begin.
There’s something that was deleted, message is clear: then become the right user and look for DETAILS without try to recover it.

I want to say a thing to @VbScrub , this machine, with your prior one, are really fluent, you are giving a way to a lot of us, to study new information and to get new knowledge that is worthy of contemplation

Really great respect, cheers from a destroyed Italy and sorry for my trouble English

foxlox

Is the reg file a rabbit hole?..cuz I’m not able to decode it

Type your comment> @spowlay said:

Is the reg file a rabbit hole?..cuz I’m not able to decode it
Nope, try harder

@spowlay said:

Is the reg file a rabbit hole?..cuz I’m not able to decode it

It is not a rabbit hole. You need to find different tools.

This box is awesome! Really professional and quite real life I would say. I love that it has components that test multiple skills. Also keeping track of information you find throughout the entire pentest is included in a good way.
Good work, keep it up @VbScrub !

Rooted great box…
For the foothold I was to much focused on the field name that was mentioned in one of the Videos. I wasted some time with that, but it is totally my own fault (assumption is the mother of …). In the end I used a tool in Windows. I wonder if it can be done in Kali. I still try to find out. Thanks @VbScrub !

Found a powershell command, that can be run on the host. So the Windows tool is not needed!

Rooted !
Cool Box ! Kudos to the creator @VbScrub !

@VbScrub , great work making this box ! Once again you’re amazing all of us with your mastering in Windows administration.

This box teaches us that every step is important for a good pentest , keeping notes of everything we find, and definitely enumeration is the key.
It was frustrating at start, but i enjoy replaying.

Foothold: Enum all the ports, don’t neglect any
Users: Keep notes of whatever you find, some google will help also. Working with some tools on windows system will save some time.
Root: What you have read at first stage would be useful now, just google what to do when you want to bring back a dead person…

Thanks everyone for the positive feedback :slight_smile: glad you’re all enjoying it. I’m working on 3 more boxes right now so hopefully won’t be long until one is finished and submitted

@VbScrub said:

Thanks everyone for the positive feedback :slight_smile: glad you’re all enjoying it. I’m working on 3 more boxes right now so hopefully won’t be long until one is finished and submitted

If they are like the last two, I am certainly looking forward to it.

@TazWake said:
@VbScrub said:

Thanks everyone for the positive feedback :slight_smile: glad you’re all enjoying it. I’m working on 3 more boxes right now so hopefully won’t be long until one is finished and submitted

If they are like the last two, I am certainly looking forward to it.

+1
And in the meantime, I’ll continue fighting with ROPE :lol:

Type your comment> @VbScrub said:

Thanks everyone for the positive feedback :slight_smile: glad you’re all enjoying it. I’m working on 3 more boxes right now so hopefully won’t be long until one is finished and submitted

Haha, I’m guessing they’ll be hard or insane boxes ?

@cyberafro said:
Type your comment> @VbScrub said:

Thanks everyone for the positive feedback :slight_smile: glad you’re all enjoying it. I’m working on 3 more boxes right now so hopefully won’t be long until one is finished and submitted

Haha, I’m guessing they’ll be hard or insane boxes ?

Yeah two of them will be hard boxes. Which is a shame cos I know less people will try them. But there’s only so much I can do with easy/medium boxes before it gets repetitive

@VbScrub said:

Yeah two of them will be hard boxes. Which is a shame cos I know less people will try them. But there’s only so much I can do with easy/medium boxes before it gets repetitive

Totally agree - and from your point of view this will be quick…

However, the audience who use your boxes wont ever get bored of them. New people join every day and need the easy boxes to get a feel for what they are doing. Although it is a lot better now, about 18 months ago the boxes had a massive tendency towards difficult. I remember a few people I’d convinced to join, tried some of the “easy” boxes, realised they were all nightmares and gave up.

I am not saying it is your job to cater for people but I do genuinely hope more people will step up and build more of the easier boxes. Lots of people will spend 3 days trying to work out how ssh works - they aren’t going to enjoy finding multistage rop chains to exploit a binary.

If I wasn’t [lazy|incompetent] I’d try to make some easy boxes myself. But I am. So, genuinely, my gratitude to box creators like @VbScrub is massive.

Type your comment> @VbScrub said:

@cyberafro said:
Type your comment> @VbScrub said:

Thanks everyone for the positive feedback :slight_smile: glad you’re all enjoying it. I’m working on 3 more boxes right now so hopefully won’t be long until one is finished and submitted

Haha, I’m guessing they’ll be hard or insane boxes ?

Yeah two of them will be hard boxes. Which is a shame cos I know less people will try them. But there’s only so much I can do with easy/medium boxes before it gets repetitive

Good point, keep on the good work