Cascade

@Ric0 said:

Hi Everyone,

I’ve been practicing ls*h foo for two days. Cant find a right flag to get anything related to those unattainable creds. Anybody share with me this spherical knowledge, please?

If you’ve used it with -h -x -b you should have the information you need, its just not immediately recognisable. But 64 bases later it gives you what you want.

I have user3, could I get a nudge for root please.

Thanks @VbScrub great build. You are the Windows Guru :wink: . My writeup is coming tonight :smile:

Amazing box @VbScrub As someone who is notoriously garbage with windows, I learned a bunch of new stuff with this box!

user: really nothing to say but just enumerate more and read everything, later on a
windows vm helped me a lot to get a steamy recipe for the chef.

root: there have been plenty of good hints in the thread, main one being that you don’t necessarily need to be a necromancer to get the secrets of the dead.

PM me for hints but if your in the initial steps my reply will be just enumerate more

Is Hex is useful or it just waste?

@Yumraj said:

Is Hex is useful or it just waste?

not a waste

I’m guessing you have to RE this new share file but having trouble loading it in Olly and no clue how to use ghidra… right path?

Type your comment> @PrivacyMonk3y said:

I’m guessing you have to RE this new share file but having trouble loading it in Olly and no clue how to use ghidra… right path?

Use ‘file’ command and then google how to.

Type your comment> @PrivacyMonk3y said:

I’m guessing you have to RE this new share file but having trouble loading it in Olly and no clue how to use ghidra… right path?

Use an epic JetBrains tool :wink: (It’s .NET bro, it’s almost like if the tool was open source lol)

Just wasted an hour because I’m bad at PowerShell Syntax >.<

Just wasted many hours because I’m bad at Pentesting… stuck on RE of CA*.**e
Is that the way for root?

What a lovely machine @VbScrub , not a difficult journey yet interesting.

General Hints:

  • Enumeration, all the way (Obviously!), mostly manual, except for the foothold. Read carefully, don’t skip a line.
  • You need if a service doesn’t let you in, check another.
  • Not sure what is the the cLP** that people mentioned here! (DM me to know if it’s another path).
  • Collect any password or hash or key, you will use that later.
  • If there is any reversing, don’t panic, it is easy, just think logically, fill in the blanks!
  • Lastly, you don’t have to bring the dead to life, just ask about them.

If you need a nudge please tell me where you’re at, no general questions.

Found some interesting info in the RE but can’t seem to use it.
(#4#c###k#y######)

Bit lost in the RE, any push would be appreciated!

Rooted!
Hats off to you @VbScrub ! This was an amazingly well put together box. Definitely learned some new stuff while not being to frustratingly hard.

A Great Box !
Thank you @VbScrub

Type your comment> @xolan said:

Amazing box @VbScrub As someone who is notoriously garbage with windows, I learned a bunch of new stuff with this box!

user: really nothing to say but just enumerate more and read everything, later on a
windows vm helped me a lot to get a steamy recipe for the chef.

root: there have been plenty of good hints in the thread, main one being that you don’t necessarily need to be a necromancer to get the secrets of the dead.

PM me for hints but if your in the initial steps my reply will be just enumerate more

It’s been said more than once, but this is great advice. A Windows VM will likely make life easier for you at the second to last hurdle. I cruised very quickly to the user flag and then lost a day trying to get the root flag while using only Kali. I’m sure you can do it all on Kali, but Windows might make things go faster. Finally rooted :smile:

Thanks @VbScrub ! I really enjoyed it. ?

Thanks to @salt for giving me that useful hint for the last step of the initial foothold (really don’t know why I overthink that hex), anyway. Really cool box, enjoyed the manual enumeration and I can confirm that it is not necessary a Windows VM, with the evil friend and a useful Windows built-in module you can get it

More Hints

User

  • Sometimes a person can hide things
  • It is not a simple encoding

Root

  • Maybe the famous spy can help you
  • Tomb Raider

Hope not giving to much hints, remove the post if it is

I am having a really hard time getting access to ac user from ssh. I feel like it has something to do with the A***t.db file but cannot seem to find anything of importance. I am pretty sure I know what to do to get root afterwards but really struggling with this third user credential info. Any tips would be really appreciated, currently feeling kinda stupid based off how easy everyone else is claiming it to be.

EDIT: I think I understand now.

Finally Rooted.

User

  • Enumerate all the services which you might usually leave out, because generally they don’t give out much information. However, in this case there is some information that will give you access to enumerate further. Keep enumerating till you you’ve exhausted all the files accessible on the system. Keep a close eye on the files, always search for juicy keywords don’t just eyeball, you are bound to miss something important (like me).

Root

  • Dead people do have hidden secrets which can be extracted without black magic.

Please reach out on discord for help: jtnydv#5773

Thanks.

PS: Report if revealed too much.