So, with 445, I don’t get any response once I escape the login ^]. I don’t get any new information but I’ve tried both ports. Its obvious I’m not doing something right but I’m just not sure what…
I’ve one doubt,
can anyone explain me this command “D***** M*** Pa***rd.txt:Pa*******rd:$Da”
which gives us string (password) from blank txt file…
@TurinGiants said:
So, with 445, I don’t get any response once I escape the login ^]. I don’t get any new information but I’ve tried both ports. Its obvious I’m not doing something right but I’m just not sure what…
I am not sure what you are doing which requires escaping a login. S******t lets you log in without a username or password and you can access things.
@CodeH4ck3r said:
I’ve one doubt,
can anyone explain me this command “D***** M*** Pa***rd.txt:Pa*******rd:$Da”
which gives us string (password) from blank txt file…
Well not easily without a spoiler but if you dont know what it does, how did you know to do it? Also, its not actually a command. Its an argument you pass to a command.
The first half is the filename, the rest is actually what you are asking for.
Type your comment> @TazWake said:
@TurinGiants said:
So, with 445, I don’t get any response once I escape the login ^]. I don’t get any new information but I’ve tried both ports. Its obvious I’m not doing something right but I’m just not sure what…
I am not sure what you are doing which requires escaping a login. S******t lets you log in without a username or password and you can access things.
I wasn’t getting permission errors when i used s…t but I guess I’ll have to mess around with that some more. I always get my syntax wrong with that tool anyways…
I recently obtain a user flag, some “hint” to get root?
@p3p1n04s3s1n0 said:
I recently obtain a user flag, some “hint” to get root?
Use the new information to enumerate the other port. Get that information, crack it and become Administrator.
Invalid database configuration found. Please contact your system administrator
Seems like some other people are also getting this error… PM me if you know the solution please any help would be appreciated!
@LMAY75 said:
Invalid database configuration found. Please contact your system administrator
Seems like some other people are also getting this error… PM me if you know the solution please any help would be appreciated!
Lots of people got this issue - and its been asked & answered quite a few times. For example, a few posts back: Nest - #616 by TazWake - Machines - Hack The Box :: Forums
The answer is fairly simple though, you’ve jumped to a port you aren’t ready to exploit.
Rooted! That was a nice box. Thank you
Type your comment> @TazWake said:
@LMAY75 said:
Invalid database configuration found. Please contact your system administrator
Seems like some other people are also getting this error… PM me if you know the solution please any help would be appreciated!
Lots of people got this issue - and its been asked & answered quite a few times. For example, a few posts back: https://forum.hackthebox.eu/discussion/comment/60247/#Comment_60247
The answer is fairly simple though, you’ve jumped to a port you aren’t ready to exploit.
Thanks haha
I found c.s***h hash in a file.
I dont know what to do next.
I cant decrypt the hash
Please, any hint?
@fcmunhoz said:
I found c.s***h hash in a file.
I dont know what to do next.I cant decrypt the hash
Please, any hint?
Lots of hints in this thread, so I will just summarise with “enumerate a lot, find things and they will allow you to crack the hash”
Got User
Stuck with getting root… somehow i can´t find the piece of info after decompiling a certain binary with I****y
Need a nudge… I would appreciate anything…
can someone give me a hint please? ive already found a hashed pw for C****h but it is encrypted. i didn’t find anything else which could help to decrypt that pass… ive already enum All the directory and just found txt and xml feel free to pm please!
Interesting machine, thanks creator!
Was anyone able to get a working shell, post the patch?! ? Would be keen to discuss. ?
Finally rooted this box. I really overthought this too much for the root part.
There are several good hints, so I will summer up a little bit 
First thing. You can do everything just in linux.
USER: Enumeration is the key. You will need to learn about the tool in Kali used for the first service you will find. Take the time on this tool because it will serve all along. You can watch ippsec video on windows box (Bastion, …) to get hints on the enumeration of the service if you are new to that 
! Download every files you can and take good notes. Don’t rush not to miss some juicy info. For the reverse part, you can use an online decompiler. Once again, to not fall into a rabbit hole, understand what you search, what the files can give you before rushing in it.
ROOT: This is pretty straightforward if you dont fall into the same rabbit hole than me. Dont overthink. As people said before dont forget the “empty file”. Once you have all the infos on this service, you can go to the next port. You will get the information you need. It is the same process than the USER.
With ILSpy and online compiler you can do everything in Linux
PS: Hope to not spoil to much. DM me if you need some help
■■■■, that was hard i takes me little more that 2 days to root this box but man that feels good, user was super fun to get, and this was my first box like that, no shell at all just smb stuff 
, but that empty files was a nightmare I know about it but It was first thing I checked but only locally and that was my mistake, root was quite fun too, I can barely read c++ so VB was quite a challenge but I manage to figure it out. Overall for me it was medium difficulty but I am a newb. Thank you @VbScrub for box I think I can handle smb stuff now. I probably never get familiar with RE but that was fun and I have great time smashing my head over the wall to figure out stuff 
. I used windoows for certain steps and for me it was better and faster because I already have windows and visual studio installed.
@michiPwn said:
Got User
Stuck with getting root… somehow i can´t find the piece of info after decompiling a certain binary with I****yNeed a nudge… I would appreciate anything…
You’ve probably already looked at the data you need. Think about how you recovered the first set of credentials and what information that application used. The find out if it has changed for the second password.