Conceal


Comments

  • It is not something complicated.. you're basically given the creds to a service.. you just need to know how to set it up and use it..

    If you have extensive experience in this area, this should be straightforward for you.. If not, it'll take that many hours XD

  • IDK... Even people that already got it seem to have taken many hours... I doubt that no one that tried don't have experience with this particular service... I wonder if it's a rabbit hole...

    bianca

  • @bianca said:
    IDK... Even people that already got it seem to have taken many hours... I doubt that no one that tried don't have experience with this particular service... I wonder if it's a rabbit hole...

    It could be.. TBH I didn't get it to work so far..
    But I only found one other service on, it's apparently not exploitable, and it seems to be related to this one, which makes me think it's not a rabbit hole..

  • I found a few services. Thing is, they seem to respond to manual probing better than "port scanning". I have no idea wtf is going on yet though, so don't mind me.

  • I'm in the same boat as everyone here, got everything + Phases but no luck on the password.

  • @r518 said:
    I'm in the same boat as everyone here, got everything + Phases but no luck on the password.

    I think password is not one thing to guess, you need group name also.

  • edited January 6

    It's funny for me cause everyone is getting users using v1 and I did enum v1 and v2c; both don't give me any usernames.

    FIX: I used a different tool.

  • edited January 6

    You can get username using the normal tool you always use.

  • edited January 6

    I'm new and please help me. So basically I scanned ports and only *** is up and also I know that it's ****, I checked it with ********. When I scanned with ****** it showed that it's running ngen.exe and when I searched it on the internet it said that Windows Vista runs it, so then I remembered MS17-010 and checked it with Metasploit but it's not vulnerable. So please someone help me.

  • edited January 6

    I have the pre-shared key..... not the group and don't know how to setup the V.n lol

  • Hmm... main additional scanning okay but it doesn't pay to be aggressive sometimes. Hauling out some scripting skills...

    LegendarySpork

    my badge doesn't work, click on my profile if you want rank and stuff

    Taking a break from HTB through Dec 2019 in order to focus on other projects.

  • I only need some help with the "Connection" setup if anyone here got user or done that.

  • I think that is where pretty much everyone is stuck

  • I tried enumerating the g***p name with a wordlist, but nothing came back..

  • edited January 6

    Yup, we're all stuck. I really wish I had a working server setup with certain mode disabled so I could start with a working connection and then systematically break it. This is my first time with this particular critter.

    Edit: plaudits to the box creator -- even though the headwinds are tough here I'm forced to research a common technology and its vulns that have not come up for me before. Much more interesting than playing "hunt the directory".

    LegendarySpork


  • This is a new initial foothold for me and I'm still not able to connect to the damn box. I want to make sure we all found the same stuff.

    Enumerating a common U** service on port 1** will provide two pieces of info:

    A list of 4 possible users: Gu***, Ad********, De******, De*****A******.
    A P** Key to the Iv1 (note v) service running on U port 5**. This hash can be cracked almost instantly using a common online cracker and the result is a plaintext P** of Du********. I don't see any TCP ports open on an nmap scan that are open; however, I can see in the S*** enumeration several common windows TCP ports exposed, but manually probing these ports doesn't give me anything.

    I haven't seen username:password combo anywhere like I did on Mischief. Thus any user here would be a guess of the four enumerated (via sn**-c****). The only password I've seen is the cracked version of the P** Key. The algo I've seen to connect with is 3d**-***-m****1***. I haven't seen any kind of group information.

    I've tried tons of different IPS** configurations (IPSe* over L2**) to connect to this box with the information above. This seems like it is going to be more complicated than usual because it is a VPN within a VPN. I've tried both GUI and CLI configurations, but I cannot achieve a successful connection.

  • edited January 6

    Yes, exact same position @1NC39T10N, it's a real struggle but it's forcing me to delve into stuff I've just taken for granted up till now.

    I keep making tiny jumps, I'm so close to getting it working I can taste it. (Probably going to remain stuck at this point for days because I said that)

    Currently trying to figure out why the enumeration confirms the host name is "C******", yet when connecting I get IDir '10.10.10.116' does not match to 'C******'

  • I'm in the same boat as you two. I'm trying to figure out if some missing pieces of info are hiding somewhere or if I have to do some brute forcing. I also wonder if I need to switch to a different OS other than Kali to make certain connections.

    billbrasky

  • edited January 7

    The client matters because there are different types of VPN and different "modes." It looks like you should be able to do it from Kali. apt search VPN for different clients, also apt search for other relevant tools, like scanners.

    Right now I'm starting to wonder if my scans actually got everything. A couple of obvious services but could there be more?

    LegendarySpork


  • @1NC39T10N said:
    This is a new initial foothold for me and I'm still not able to connect to the damn box. I want to make sure we all found the same stuff.

    Enumerating a common U** service on port 1** will provide two pieces of info:

    A list of 4 possible users: Gu***, Ad********, De******, De*****A******.
    A P** Key to the Iv1 (note v) service running on U port 5**. This hash can be cracked almost instantly using a common online cracker and the result is a plaintext P** of Du********. I don't see any TCP ports open on an nmap scan that are open; however, I can see in the S*** enumeration several common windows TCP ports exposed, but manually probing these ports doesn't give me anything.

    I haven't seen username:password combo anywhere like I did on Mischief. Thus any user here would be a guess of the four enumerated (via sn**-c****). The only password I've seen is the cracked version of the P** Key. The algo I've seen to connect with is 3d**-***-m****1***. I haven't seen any kind of group information.

    I've tried tons of different IPS** configurations (IPSe* over L2**) to connect to this box with the information above. This seems like it is going to be more complicated than usual because it is a VPN within a VPN. I've tried both GUI and CLI configurations, but I cannot achieve a successful connection.

    on the same boat

  • same boat, same frustration..

    clarkkent

  • Can someone give a nudge on INVALID_ID_INFORMATION? I guess I'm so close.

    MrR3boot

  • edited January 7

    At this point, I have tried to change around things so much to function correctly. Definitely stuck where everyone else is stuck. I have all this info but no iteration of it seems to be working.

    Edit: Actually, it was my syntax. That was the problem. I got the tunnel to come up finally.

  • @n00kie said:
    a windows box? i got sub7.exe for that!

    Sub7, NetBus and BO -- good times!!! Will it help?

  • @magnus said:

    @n00kie said:
    a windows box? i got sub7.exe for that!

    Sub7, NetBus and BO -- good times!!! Will it help?

    lol i wish hahha

  • edited January 9

    I feel like I'm close, but keep getting an "ERROR: notification NO-PROPOSAL-CHOSEN" message. I've tried a few different proposals, but so far no luck. :( Any help would be appreciated.

    Edit: got in. Used the masked mammal to connect. User flag done, working on privesc.

  • jkrjkr
    edited January 12

    .

  • What client do you guys use to connect? I tried vpnc but it seems not to connect at all.

  • I am also stuck on INVALID_ID_INFORMATION. Any hints are appreciated.
