rooted! API is super easy once you understand exactly how the commands work. You can’t just run the commands out of the box. The GUI sucks big time > don’t waste your time!
Got user fairly quick, then found out there was a special service running. Read some about the service and think I found how to proceed, got too many error messages and the connectivity just wasn’t working, saw many people uploading files to the box. Man it’s so frustrating so I quit trying root.
Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.
@nyckelharpa said:
Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.
this box is not retired. It’s still active.
Finally finished this box.
Learned a few things along the way. I’m still very new to this, so this was a great learning experience. And honestly, a confidence booster.
Hope the below isn’t a spoiler.
Foothold: Just enumerate. Then look for the clue. Research what’s running on the box, and there’s a ready built exploit for it. Use the clue to inform your use of the exploit.
User: Use the data from the foothold, then just keep trying that information against the various services you find running.
Root: Read what the others have said. From the user level, read the configuration file. Then think about how to tunnel your way in. There’s a well documented exploit, but just read it and think about what it is telling you to do.
I used the API to do the same tasks. You can create your event data, and trigger your magic event all with the API.
@icthus1 said:
@nyckelharpa said:
Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.
this box is not retired. It’s still active.
It is retired. There’s just a grace period of a week or something where retired machines are still available to non VIP users.
As for why it got retired earlier than others, I guess just the review scores. It had the lowest score out of all the live Windows machines and this thread is full of people complaining about it being unstable. Personally I didn’t have any issues with it, but seems others did.
@icthus1 said:
@nyckelharpa said:
Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.
this box is not retired. It’s still active.
Very much on the retired list right now. It is available but that is just because the most recent retired box is always still available.
Quite a few walkthroughs on Login :: Hack The Box :: Penetration Testing Labs
I’ve no idea why it retired so early (it only went live in April) and there are older easy boxes which could have been replaced. I suspect it may be linked to how many people say they had issues with exploiting the box. Sadly, I am convinced 51% of these issues were down to people not knowing how the exploitation worked and getting frustrated (especially as lots of people were trying to follow the ExploitDB code without understanding it, which meant they tried to restart the service, breaking the box for everyone).
@icthus1 said:
@nyckelharpa said:
Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.
this box is not retired. It’s still active.
It says it was retired when I came back to it this week.
Also can anyone give me a nudge? User was pretty easy and I’m in as that user but I’m not sure where to look for her.
@notdeltron64 there’s 30 pages of nudges here. If those aren’t enough and you need a spoiler, there’s also now loads of write ups available because the machine was retired.
@notdeltron64 said:
@icthus1 said:
@nyckelharpa said:
Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.
this box is not retired. It’s still active.
It says it was retired when I came back to it this week.
Also can anyone give me a nudge? User was pretty easy and I’m in as that user but I’m not sure where to look for her.
And to add to what @VbScrub has said, you can get some very good hints here: https://youtu.be/E_TrnbgeITI
@TazWake said:
@notdeltron64 said:
@icthus1 said:
@nyckelharpa said:
Does anybody know why the box was already retired although it is still quite new? I always thought the boxes are being retired in the order that they were published in, but obviously not.
this box is not retired. It’s still active.
It says it was retired when I came back to it this week.
Also can anyone give me a nudge? User was pretty easy and I’m in as that user but I’m not sure where to look for her.
And to add to what @VbScrub has said, you can get some very good hints here: https://youtu.be/E_TrnbgeITI
Thanks for that. I honestly kept having issues with the box so I let this one die. I agree with VbScrub. I got user and tried to follow along with root but the system wouldn’t let me. Bummer
Hey folks. I’ve been trying to get the initial foothold for several days. Then I gave up, opened a writeup and discovered that there used to be port 80.
Not sure what I’m doing wrong, but my nmap scans don’t find it, and nc to port 80 doesn’t work either.
@501d said:
Hey folks. I’ve been trying to get the initial foothold for several days. Then I gave up, opened a writeup and discovered that there used to be port 80.
Not sure what I’m doing wrong, but my nmap scans don’t find it, and nc to port 80 doesn’t work either.
Hey I experienced that too. When I switched regions, I could find the port open. So it’s odd. I surmise if you get stuck for a long time, peek at the start of some writeups (for retired boxes) to see if your scan matches theirs.
Tried 10+ writeups and IppSec’s video (as well as the other one listed in this thread) and none work anymore since every version of nc.exe gets deleted by the AV/Windows Defender. Wasted hours on root flag, please update solutions.
EDIT: Didn’t need nc.exe at all, can simply print flag to screen
@TazWake, I think the main issue is that the box has been updated since its retirement and now the original method described in all of the write ups no longer works. Hence the frustration. I mean don’t get me wrong the web app is a mess but it’s not terrible to figure out the quirks.
It was only thanks to messing around with the API so much and thinking I was doing something wrong plus that little hint from @CryptoCat that I was able to figure it out.
@kekkmora said:
@TazWake, I think the main issue is that the box has been updated since its retirement and now the original method described in all of the write ups no longer works. Hence the frustration. I mean don’t get me wrong the web app is a mess but it’s not terrible to figure out the quirks.
Possibly true now, but not in June when I posted about this. VbScrub’s walkthrough definitely worked then.
It’s a retired box so people can be quite open with the discussion.
What isn’t working any more?
@CryptoCat said:
Tried 10+ writeups and IppSec’s video (as well as the other one listed in this thread) and none work anymore since every version of nc.exe gets deleted by the AV/Windows Defender. Wasted hours on root flag, please update solutions.
EDIT: Didn’t need nc.exe at all, can simply print flag to screen
From memory with this box, the built-in nc.exe that comes with Kali (2019 distro) would get deleted.
I downloaded another nc.exe (ncat.exe) which did not get deleted by Windows.
If things are being deleted by the system then either:
Put it in a different folder or
Get a more up-to-date version (which means different signatures) that will not get detected by Windows Defender.
User Flag could be printed to screen from memory but not the root flag
@acidbat
From my experience, NC is a legit binary for useful purposes. I don’t think that Defender will delete nc. Might be a script running behind to erase all the files in a particular area or someone deletes it for fun.
@gunroot said:
@acidbat
From my experience, NC is a legit binary for useful purposes. I don’t think that Defender will delete nc. Might be a script running behind to erase all the files in a particular area or someone deletes it for fun.
Fair enough
It was a theory of mine - which led me to download a different version of nc.exe.
The script running in the background is a good theory too and probably more correct.
You might be right in regards to people deleting the files just for the fun of it …(fun is used in sarcasm just so the world knows)
I assume a lot of this is about the difficulty getting netcat to run on the box - I suspect that it is down to the folder you pick to run it from.
I had no issues with a nc.exe running out of C:\temp though.