HelpLine

Can anyone give me a hint after the creds?

Someone can give me a hint on how to read the flags after getting into a shell with nt authority\system.

awesome machine by the way. Congrats @egre55

fucking awesome machine. I learned a lot!!! This was painful, but it was cuz I’m windows noob

My hints:

  • for user try to play with cookies, I think some has released an exploit (is new)
    Them play with the wonderful fruit

  • Root: this was my fucking pain. Whatever you are doing, don’t use you the shell that you got (I know is strange)

Thanks for this. I have to many question about the creation process for this box. I would like to know how did you do everything, if anyone can tell me, It would be appreciated

I found some usernames. I am trying to crack their passwords. The server is painfully slow. Is brute forcing the intended way or might the API help?

can anyone pm me with what to do with the very long string in creds?

What a nice machine! Congrats @egre55 :slight_smile:

Thanks to @CHUCHO @FlameOfIgnis and @jkr for all your help.

PM for hints if you need some.

Apparently I’ve gone a couple miles down the unintended path. I don’t see any way forward that doesn’t involve targeted hash cracking. There are enough hints for that to be viable, I’d think, but it hasn’t gotten me anywhere. Maybe I overlooked something in the mountains of mimikatz documentation. I dropped a forensics lib to read the raw flags. I was hoping to get the metadata, but it only returned the contents. I think that should count, since I technically have the flags.

I saw where @egre55 was doing some things with calc.exe, so I’m wondering if a custom exploit is intended, though I don’t see how it could help me now. I guess I’ll go back to the users, since they each seem to have a purpose. I would like to know if the remoteaccess site is involved. A couple open ports make me think it might be, but I haven’t seen anything else to support it. Alright this stream of consciousness has gone on long enough. good talk

Totally stuck as NT auth shell. tried all kinds of mimikatz trick, not getting anything. Have some idea as to whats going on , E*S .Always lacking one/two component to decrypt something crucial to decrypting the next step/cred/cert…, any hints?? Its fun running all kinds of tools on this machine though

Hello
I need help,
on the website i have succeeded the privilege escalation, what do i have to do now?

Stuck after decrypting a****-p***.xml. I was able to read that file, which results in a very long string. Someone suggested using PSCrl / SeS*g . Been having trouble using the content of that file to do anything. Anyone know the syntax? pm, thx

rooted…■■■■, I learned a lot about powershell-fu…

I was afraid of this box because it is red. And after start I had hard time on the most step in spite of all hints. But after rooting I say that it is real box with real-case situations.
It is very stable and it allows get additional hints from the result of work of other hackers.

And that is why it defenitely is worth the force and the time.

I found creds for two users, but can’t found way for change users, could somebody help me PM

A week later, finally rooted. Thank you to @tabacci and @Ripc0rd for the help. Helpful tips:

Know Powershell. Understand commands and what you can use to leverage your way into getting root.txt.

Rooted and got user! Holy ■■■■ I’m sure I didn’t do this the intended way because I f***ed this box HARD to get that to work. Hahaha. Okay, time to reset before anyone notices.

Could use some help for escalating to leo. I know what I need to do, but I am facing some difficulty.

I have administrator hashes, can pass the hash with psexec but I cannot read the root.txt or user.txt. I see the XML file but having problems decoding it. I am on the file system looking for something to get/do. I would appreciate a hint int he right direction.

Congrats to @egre55. Solid box. I haven’t solved it yet, but I am determined to! Currently stuck after getting read access to the xml file. Probably should find a way to make that information useful, but I have run through all my ideas and need to seek guidance on where to go next.

Totally stuck with getting normal login done. Cannot find a way in this box. I know it sounds weird, but I think I know where to go, but do not know how.

If anyone can help me with reading flags, please PM. I’m able to login with two different users, but cannot read certain files. Any help is appreciated!