Nest

TazWake · March 3, 2020, 6:18am

@mspc said:

can you help me with root? I am stuck. able to run vb scripts with windows.

Root is very similar to getting the user. Enumeration is the key, then a bit of reversing.

Samsara · March 3, 2020, 1:19pm

Hi. I’d like a nudge. Have the user and a pass. I know its encoded. But do not know in what wat (not the obvious). Please PM for a bit of help.

TazWake · March 3, 2020, 1:50pm

@Samsara said:

Hi. I’d like a nudge. Have the user and a pass. I know its encoded. But do not know in what wat (not the obvious). Please PM for a bit of help.

Have a look at the previous messages relating to VB files.

herapen09 · March 3, 2020, 3:52pm

Finally I’ve already finished this box. Thanks @TazWake for a nudge. Thanks @VbScrub for this awesome box for beginner like me

mkt · March 3, 2020, 4:33pm

Thanks for putting in the effort to make a custom exploitation box. I enjoyed the challenge.

steps0x29a · March 3, 2020, 4:52pm

YES! Rooted this thing!

That was NOT easy! But @VbScrub already said everything about that, so no worries.

Actually, that one got me banging my head on the keyboard quite lot, but the reward was awesome! Did it on Windows and Linux (using both simultaneously), as I could not make the required tools run on Linux…well, that’s fine with me.

Thanks @VbScrub , I learned a LOT today! Keep 'em coming

VbScrub · March 3, 2020, 6:02pm

@mkt said:
Thanks for putting in the effort to make a custom exploitation box. I enjoyed the challenge.

Thanks, it did take a while to make

@steps0x29a
I’ve made another box (although less custom this time) and I found out today that it will be going live before the end of the month so you can look forward to that

hur · March 3, 2020, 8:43pm

Got user, trying to root. Any nudges for decrypting the second hash? It’s the only useful thing I got out of the higher port.

TazWake · March 3, 2020, 8:49pm

@hur said:

Got user, trying to root. Any nudges for decrypting the second hash? It’s the only useful thing I got out of the higher port.

You need to find the updated settings from the file you should have extracted on the lower port.

velocicat · March 4, 2020, 10:41am

Fun box, @VbScrub! Thanks! Looking forward to the next one!

Jiwain · March 5, 2020, 1:28pm

Hi guys, I got the hash from .s*** but I can’t get into debug mode on the highter port, I think I need to find another hash in order to get into debug mode. You confirm?

As far as the lower port is concerned, I connected to it with the user T**********r, while searching a little bit I find a lot of .vb files in the “VB P********” of c**l but nothing concrete in the files, did I look wrong, am I close to the goal or am I clearly going in the wrong direction?

idevilkz · March 5, 2020, 4:46pm

Hi Guys,
First of all, can I say what a place, I am extremely late here and also a very new new n00b.
I am attempting Nest and here is where I am so far:

I have found both low and high ports
on low port, I have tried to use login to share using smbclient and gone through all files/folders where possible but no luck
again on low port, I have used rpcclient and found out which one is the flag user
on how port, once logged in, I can see a lot of data and basically full structure
and I am stuck, a nudge or a wrist slap will be appreciated.

thanks
ID

VbScrub · March 5, 2020, 5:52pm

@idevilkz if you mean you still haven’t got the first set of credentials, you haven’t looked very hard on the low port they’re literally just in plain text in a text file and there aren’t many folders you can even access, so it should be very easy to find.

idevilkz · March 5, 2020, 7:57pm

my bad I managed to get those details after this post . I wasn’t using the correct syntax of double quotes to get the file. off to next stage.

Hav0k · March 5, 2020, 8:38pm

I need a little help decompiling the .exe file. Which tool should I be using? PM me…

Hav0k · March 5, 2020, 9:35pm

Type your comment> @Hav0k said:

I need a little help decompiling the .exe file. Which tool should I be using? PM me…

Thank you @Gh0stBl4ck !

LegendarySpork · March 6, 2020, 7:27am

Hi all – did anyone have luck with openssl for one of the “cryptic” early steps? I couldn’t get that to work and ran the VB.

alicemacs · March 6, 2020, 10:29am

I can’t find c.*****'s password. I found the encoded password in the file. However, what do I use it? Can I give me a hint…?

TazWake · March 6, 2020, 11:02am

@alicemacs said:

I can’t find c.*****'s password. I found the encoded password in the file. However, what do I use it? Can I give me a hint…?

This has been asked and answered a lot in the last 30 pages. You need to find more information, modify it, compile it and execute it to get the plain text password.

idevilkz · March 6, 2020, 11:54am

Hi Guys, Can someone give me a Nudge. I am using telnet on the high port and can see and find files. I have found information however telnet is only allowing me to do handful amount of things i.e: setdir, list etc.
Should that suffice or do I need to think outside the box and do something more or use a different tool.

also, with regards to low port and ADS, I can see stream however don’t know how to execute it.