Heist

Spoiler Removed

Getting some much needed Windows practice in. I have 2.5 decrypted creds, trying to figure out how to try them against the various ports.

Edit: Got user.

Rooted! Nice box for playing during weekend. Thanks MinatoTW, learned interesting priv esc method.

Can someone pls dm me on these initial creds? I’ve been staring at this c****g.t** for three hours and have gotten absolutely nowhere!

@G0LD3NG00S3 said:

Can someone pls dm me on these initial creds? I’ve been staring at this c****g.t** for three hours and have gotten absolutely nowhere!

Just try to find the Cisco Type 5 password and Type 7 decryption using the python.
(use Rocky Dictionary for one creds others use default)
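
Added example, not part of the original thread: a small auditor for the two Cisco IOS secret types named in the hint above. It shows why Type 7 counts as plaintext (a fixed-key XOR that reverses instantly) while Type 5 is a salted MD5-crypt hash whose safety depends on password strength. The sample config and its values are constructed; the function names are this example's own.

```python
import re

# Fixed, publicly documented key used by Cisco IOS "type 7" obfuscation.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

def decode_type7(encoded: str) -> str:
    """Reverse type 7: two decimal digits give the key offset, the rest is hex XORed with XLAT."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("type 7 strings have an even length of at least 4")
    offset = int(encoded[:2])            # starting index into XLAT
    data = bytes.fromhex(encoded[2:])    # ValueError on non-hex input
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return plain.decode("ascii", errors="replace")

# Matches "... password 7 <value>" and "... secret 5 <value>" style lines.
SECRET_RE = re.compile(r"\b(?:password|secret)\s+([57])\s+(\S+)")

def audit_config(text: str):
    """Return (line number, finding, recovered plaintext or None) per stored secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SECRET_RE.search(line)
        if not m:
            continue
        kind, value = m.groups()
        if kind == "7":
            try:
                findings.append((lineno, "type7", decode_type7(value)))
            except ValueError:
                findings.append((lineno, "type7-malformed", None))
        else:
            # Type 5 is not reversible; flag it so password strength gets reviewed.
            findings.append((lineno, "type5", None))
    return findings

# Constructed sample config (not from the box discussed in this thread).
SAMPLE = """\
enable secret 5 $1$CONSTRUCTED$notARealHashValue000000
username admin password 7 0822455D0A16
line vty 0 4
 password 7 0822455D0A16
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```

Any config file, backup or support attachment containing `password 7` lines should be handled as if the passwords were written in clear text.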

@nkl06 said:

@G0LD3NG00S3 said:

Can someone pls dm me on these initial creds? I’ve been staring at this c****g.t** for three hours and have gotten absolutely nowhere!

Just try to find the Cisco Type 5 password and Type 7 decryption using the python.
(use Rocky Dictionary for one creds others use default)

Thanks a ton!!

Hey guys, so I dumped the process from i***x then I searched the dump, but I couldn’t find anything…I think I’m searching with the wrong pattern, could someone give me a nudge? Thanks

Edit: Rooted found the correct thing to search

@MacCauley said:

I got the 3 users and passwords, now what? Can someone PM me?

enum login enum login enum login

Rooted.
I have a question.
Could someone explain how I should have known the process was privileged?
I just guessed which one by reading the forum…

@MinatoTW, thanks for the box! Should we expect more chats+creds combos in future boxes? =)

Anyone care to give a nudge on root for a *nix person. Used to handling full d**s on a highly combustible environment on *nix, but not without a valid profile.

and nvm. was overcomplicating things.
and got the root.

aargh, I can’t get smbclient to work, have googled through the entire internet twice at least…

smbclient -L \I*** -I 10.10.10.149 -U ****** -d3
or
smbclient -L \heist.htb\I*** -U ****** -d3

tell me that smbclient is trying to connect to port 139, which is not open according to my scan results, besides > failed to connect with smb1 – no workgroup available < seems to be all over the forums struggling with smb.

I struggled with this box but I loved it in the end, learning new valuable stuff.

Hint for root : Check the running processes, and dig deeper.

@gorg said:

aargh, I can’t get smbclient to work, have googled through the entire internet twice at least…

smbclient -L \I*** -I 10.10.10.149 -U ****** -d3
or
smbclient -L \heist.htb\I*** -U ****** -d3

tell me that smbclient is trying to connect to port 139, which is not open according to my scan results, besides > failed to connect with smb1 – no workgroup available < seems to be all over the forums struggling with smb.

Try smbclient -L user -I 10.10.10.149 -U user

@twypsy said:
Try smbclient -L user -I 10.10.10.149 -U user

thx, but didn’t work, there might be a misconfiguration of my client somewhere…

Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.10.149 failed (Error NT_STATUS_IO_TIMEOUT)
Failed to connect with SMB1 – no workgroup available

… supposedly in my kali-vm’s /etc/samba/smb.conf - at least google has been telling me a

client max protocol = NT1

under [global] might help, but it doesn’t. I am new to this samba stuff and most of the time the internet says samba is a piece of software coming straight out of ■■■■.

But I will try harder. :wink:

Can somebody PM me regarding hints for Priv Esc? Thank you!

@nkl06 said:

@G0LD3NG00S3 said:

Can someone pls dm me on these initial creds? I’ve been staring at this c****g.t** for three hours and have gotten absolutely nowhere!

Just try to find the Cisco Type 5 password and Type 7 decryption using the python.
(use Rocky Dictionary for one creds others use default)

@nkl06 Thank you, best hint so far… I was thinking that file had some useful information, but was stuck trying to figure out encoding.

Can someone PM me a hint on what to do with the pw’s from the txt file ?? the login page requires an email as username, so I’m guessing they aren’t used there… help?!

Hi,

Just started poking around to get root on the machine, and 10 minutes later, no more files on the Documents folder, and maximum amount of resets reached…

EDIT:

Okay, they are in another folder now … My bad!

Rooted!
First experience! Really fun and challenging!
Thank you all also for your help!

Got User. Stuck on Root

After a LOT of doing the wrong things I finally got it! Had great fun, and learned a ton!