Cascade

@lebutter said:
That was was one very enjoyable and realistic box, Thanks VBscrub.

I’d be curious to know how much of the boxes you propose is directly inspired from your experience in the field ?

Depends what you mean by in the field I guess. I don’t have any experience in the field of pentesting. I’ve only ever been on the server admin side of things. But yeah in that capacity I’ve seen people do plenty of dumb things that I’m taking inspiration from for some of these machines I’ve made :slight_smile:

Great machine ! I loved the whole experience ! Amazing work, please keep on building more of those nice windows machines !

Rooted! Great machine. Learned heaps. Thanks @VbScrub for the great box and thanks for the nudges.

Nothing too much I can add to what has already been said, other than to echo the comments on enum!

If you find yourself stuck at RE maybe take a look through the Windows.

Rooted! Thanks @VbScrub for this great machine. Thanks to your boxes I’m starting to like two things I’ve always hated: Windows machines and enumeration heavy machines. You’re surely broadening my horizons :slight_smile:

I didn’t manage to complete last step remotely and had to use local access. I’d be greateful for a PM how it can be done.

Not gonna spoil anything more on the forum but feel free to PM for nuggets. But please show some effort before doing so.

Looking for advice on first user logon/pass. I have a user list. I used the ls***. Despite all the hints and nudges (usually these put me in the right direction) - I have no idea what I’m looking for in the dump. Would someone be kind enough to PM me please?

What a great box :mrgreen:

It took me an embarrassingly long time to find the initial cred. The path to root was a learning experience for a noob in that language.

The box had a nice priv esc to root as well!

Overall one of my favourite boxes to date.

Many thanks @VbScrub

Rooted. Thanks @VbScrub for this amazing box. Learnt new stuff abt AD.

Went through some your youtube to find inspiration for the foothold. Seems I was too sensitive to the ticket after Sauna then this box. XD

This box is realistic. Love it. I like the feeling of being a detective finding clues everywhere.

Rooted, was a good one :slight_smile:
PM if you need a nudge

Finally Rooted…
THANKS FOR CREATING IT.

@dextopsupport said:

Looking for advice on first user logon/pass. I have a user list. I used the ls***. Despite all the hints and nudges (usually these put me in the right direction) - I have no idea what I’m looking for in the dump. Would someone be kind enough to PM me please?

Try outputting to a text file then grepping through it for known usernames or references to legacy systems.

Thanks @TazWake and @paddanada. It was staring me in the face the whole time :blush:

Finally got this thing. Took me days and a nudge from Cedgar to figure the root thing out. Thanks again @VbScrub for this box. Nothing like puzzles like these to show your own incompetence can really trip you up :wink:

Important lessons learned:

  • Don’t use ./ when accessing shares. You’ll log in succesfully, but get access denied on everything
  • Powershell can be a stingy bastard when querying some things. You have to really drag it out of it

Thanks @Cedgar for your help on Cascade!!! Thanks @VbScrub for a nice Windows box.

I think I’m at the RE stage of this box now (another weak point) and have tried to use IDA (the free one) to examine the source code but I get an error (The processor type ‘cli’ is not included in the installed version of IDA). Can anyone educate me on what I’m doing wrong or possibly recommend an alternative to IDA that can disassemble the EXE I’ve found.

Finally got this one, had 3 sets of creds before I even looked for any flags.
I used kali only but used a form of gui to search for all the data, took a while to find what was needed for the initial user but after that, plain sailing.
DM if help is needed, I’ll not reveal too much though!

@sloth1985 said:
I think I’m at the RE stage of this box now (another weak point) and have tried to use IDA (the free one) to examine the source code but I get an error (The processor type ‘cli’ is not included in the installed version of IDA). Can anyone educate me on what I’m doing wrong or possibly recommend an alternative to IDA that can disassemble the EXE I’ve found.

Look at .NET decompilers rather than regular assembly decompilers

I know very little about C# but it looks like executables produced with VisualStudio can be decompiled and return something very readable and close to original code. Is that just with your boxes ( @VbScrub ) on purpose to make it easier or is it how most of C# exes are ?

Type your comment> @lebutter said:

I know very little about C# but it looks like executables produced with VisualStudio can be decompiled and return something very readable and close to original code. Is that just with your boxes ( @VbScrub ) on purpose to make it easier or is it how most of C# exes are ?

no, any .NET code (C#.NET or VB.NET) can be decompiled back to pretty much original source code. The only exception being if the author has intentionally run it through an obfuscator, which some companies will do to try protect their source code.

Just rooted, really enjoyed the box ceers to @VbScrub for the fantastic box:

foothold took me a lot of time but an ippsec video really helped me out with the first user password.

privesc was interesting, really enjoyed the RE part, and learned something new about windows in the user3->root part.
pm for hints if are stuck.

Thank you @VbScrub :smiley: This was an awesome box. Great Job!

This was no easy run for me but I enjoyed every step. I learnt a lot about AD and several layers of exploitation … not to forget enum and enum and enum.

Thank you.

PM me if you need a nudge