Nest

VbScrub · March 20, 2020, 2:13pm

@AwkwardUnicorn Windows is not needed btw. Plenty of people have done it all from linux

KuroSaru · March 20, 2020, 2:55pm

Rooted via intended path using Linux only. (wine is technically Linux).

toledonavy · March 21, 2020, 2:27am

NVM got it

Deflncha · March 22, 2020, 4:10am

Rooted. Thanks for the interesting box VB! As someone fairly new in this field I actually ended up learning quite a bit

Red09Devil · March 23, 2020, 9:19am

Not able to cd on HQK Reporting. Any nudge on that will be helpful.

TazWake · March 23, 2020, 10:01am

@RedDevil09 said:

Not able to cd on HQK Reporting. Any nudge on that will be helpful.

Use “HELP” to see what options are available.

Skunkfoot · March 23, 2020, 5:24pm

For all the people talking about debugging or disassembling, that’s cool that you found a different way. However, to everyone else who isn’t as well-versed in that stuff, it is completely unnecessary for root.

If you’ve found the password for the service and have access to the extra command that it provides, which I assume is the intended path, then all you need to do is enumerate the file structure for that service and look at files. You’ll find what you need in a certain file, and then just need to do the same thing you did for user. Once you have that, enumerate the first service some more.

@VbScrub This was a really fun and interesting box. After rooting it, the intended method is very simple and straightforward, and I think pretty realistic. Looking forward to your future boxes and YouTube videos, thanks for the box!

VbScrub · March 23, 2020, 5:30pm

@Skunkfoot thanks my next box will be released this weekend so you won’t have long to wait

GokuBlackSSR · March 23, 2020, 10:10pm

Spoiler Removed

TazWake · March 23, 2020, 10:11pm

@GokuBlackSSR said:

im stuck in RU_Config with the xml, its my first machine “Never quit”
Trying to use Jenkins to decrypt the hash in this file, but no sucess

I already retrieve a lot of data from all files, administration users, hashes and others

Millions of clues about the hash on previous pages. If you haven’t found the files you need to decode the hash, you haven’t looked at all the files yet.

4ndy · March 23, 2020, 11:09pm

Really enjoyed that one, it was refreshing and well made! Thanks VbScrub

FatB0y · March 24, 2020, 12:37am

Okay, second windows box. Found my way in and learned how to navigate somewhat. Can’t find any info on running queries? Everything I found on the net hasn’t worked thus far. When i connect with my windows box one mistake with syntax and the connection drops. That gets old fast. Back to the linux box driving around going nowhere fast. A nudge in the proper direction would be great. I would like to know how to run a query and read a text file. If ya help a brother out you might get a roll of toilet paper via shh scp? Stuff is like gold these days!

Skunkfoot · March 24, 2020, 3:47am

Type your comment> @FatB0y said:

Okay, second windows box. Found my way in and learned how to navigate somewhat. Can’t find any info on running queries? Everything I found on the net hasn’t worked thus far. When i connect with my windows box one mistake with syntax and the connection drops. That gets old fast. Back to the linux box driving around going nowhere fast. A nudge in the proper direction would be great. I would like to know how to run a query and read a text file. If ya help a brother out you might get a roll of toilet paper via shh scp? Stuff is like gold these days!

Find me in the discord channel and I’ll give you your nudge

lancelai · March 24, 2020, 8:25am

got something base64 for c.s**** user and decode using online vb decoder. But the output is just like:
}13??=X?J?BA?X*?Wc?f???c

Not a plain text?
Anyone can help me please

TazWake · March 24, 2020, 8:45am

@lancelai said:

got something base64 for c.s**** user and decode using online vb decoder. But the output is just like:
}13??=X?J?BA?X*?Wc?f???c

Not a plain text?
Anyone can help me please

Its not Base64. Scroll back and see any of the other answers to this question.

JMFL · March 24, 2020, 9:43am

So i am having issues loggin into the foothold like i shoud be able to.

Can someone hit me up to check my command format. The odd part i have tried from a Linux box and a windows box…should be super easy to browse it on the windows box

I can ping the server from both boxes. Any assistance would be great thanks.

TazWake · March 24, 2020, 10:00am

@johnmflynch said:

So i am having issues loggin into the foothold like i shoud be able to.

Can someone hit me up to check my command format. The odd part i have tried from a Linux box and a windows box…should be super easy to browse it on the windows box

I can ping the server from both boxes. Any assistance would be great thanks.

In Kali, s******t should work fine.

JMFL · March 24, 2020, 10:15am

I have used that but dont use Kali. Tried it on my Ubuntu Backbox and Parrot OS. Even tried a .py of what you spoke of above

TazWake · March 24, 2020, 10:17am

@johnmflynch said:

I have used that but dont use Kali. Tried it on my Ubuntu Backbox and Parrot OS. Even tried a .py of what you spoke of above

Ok - I cant speak to either of those OSes, sorry.

JMFL · March 24, 2020, 10:27am

Not prompting me to type password…WARNING: The “syslog” option is deprecated thats all i get and a timeout (Error NT_STATUS_IO_TIMEOUT)

Update VPN issues i guess…