Conceal

12345679»

Comments

  • edited March 29

    finally got root... if somebody need help just pm me
    Edit: hats off to @clmtn @tabacci @strcpy and thanks for your help

  • Stuck at setting up the initial connection to get user. Using the 'strong' client but i'm missing something. I've studied the man pages and the support pages of the client with no luck. If someone please could PM me, would really appreciate some help.

  • im being constantly timed out on /upl**d... is it rabbit hole or is this box just buggy AF?

    LordeDestro

  • edited April 12

    Type your comment> @wildstyle9 said:

    Same here @nsbyte

    Just got to phase 2. Remember to carefully look at the used / included configs.
    Reading the (sys)logs will really help a lot.

    The best tip I can give:
    Make a config in your mind and check the logs if client is following up your config.

    Edit: rooted. enumerate, enumerate, read and understand how possible priv esc could work.

  • edited April 11

    Hi guys, I'm having a weird issue: last night I got to phase2 using str**S*** and was trying to get past the sub****** issues but when I tried to continue today, i'm stuck at 'peer not responding'. Nothing about my config has changed. I tried resetting the box, restarting everything at my end but nothing seems to work. Weird thing is, when I try it with charon-cmd, the peer does respond. Does anyone have any clue about what might be going on?

    EDIT: sorry guys, you can ignore this. My htb vpn IP had changed, i'm an idiot.

    Jazzblaster

  • edited April 12
    Also stuck with the `received INVALID_ID_INFORMATION error notify`-- Got tired bruteforcing the left/right subnet param if anyone has a nudge I'd really appreciate it...
  • Type your comment> @jownz said:

    Also stuck with the received INVALID_ID_INFORMATION error notify-- Got tired bruteforcing the left/right subnet param if anyone has a neduge I'd really appreciate it...

    https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/ipsec-troubleshooting.html

  • edited April 12

    @nsbyte

    I do know why i get the error -- I'm just tired of brute-forcing to get the exact values that the server enforces...

  • I'm working on getting the connection up and running, but it's fairly foreign to me. At this point I can see my machine sending out initiation requests, but I'm not getting anything back. I'm going to keep plugging away once I have some time, but a hint wouldn't be the worst thing in the world.

  • edited April 20

    owned user , owned root with most of the help using the famous framework. fun box

    r0t13weiler

  • Rooted! Nice box. Learned a lot about windows exploitation, also about a protocol I truly knew very little about. Thanks bashlogic!

  • @jownz I'm at the same exact point now. Could use a PM from someone with some assistance.

  • Is it possible to create the connection also with the network manager from Strong***** or just with the configs?

  • Had the tunnel up and running months ago but couldn't get webshell , keep coming back to this machine but can't seem to do anything with IIS. Would really appreciate if someone could give me a nudge in the right direction on what I'm doing wrong.

    Hack The Box

  • @An0maly said:
    Had the tunnel up and running months ago but couldn't get webshell , keep coming back to this machine but can't seem to do anything with IIS. Would really appreciate if someone could give me a nudge in the right direction on what I'm doing wrong.

    What if not to attack IIS at all and look at some other serivce?

    tabacci

  • For anyone else facing the same problem I had , turns out you have to try many different webshells till one works , could be limitation on the ASP version on the box itself.

    Thanks to @r0t13weiler and @tabacci for helping me troubleshoot it and finally wrap this one up.

    Hack The Box

  • I got a VPN password with no username, help me guys!

  • Spoiler Removed

  • Type your comment> @21y4d said:

    This is not the way to learn ip***. The way to properly learn it is to set it up on both sides, knowing in advance the settings!

    Having to use brute force tools to guess the settings, and then having to figure out the proper way to write the command, only to have it not working for something else we still don't know, is just stupid..

    I would say I agree with you. Would you mind sending me PM with useful links/references teaching the process both-sides, start to finish (if you know of any)? Cheers

  • Finally rooted !!!What a boxxxx!! Pm me for help :)

  • Conceal is the best box that I played on HTB.
    From the first step till root it is extremely practical and useful in real security practice.

    Try it right now if you did not tried it! Conceal is must try box.

    Will miss it after it retired.
    And looking forward to read Conceal write-ups from experienced hackers.

    tabacci

  • I just gotta say, I'm happy to have finally established the VPN connection (now that Conceal is retired & there are tutorials) BUT, I'm kinda mad (don't me mad bro!) >:( I spent a good chunk of time reading, learning, VPN stuff before box retirement, basically my config lacked 2 things. One item, the l***********t=p (I know it's retired, but a spoiler is a spoiler) & the corresponding entry r***********t=p, so I guess 3 things actually, because the next entry ty**=t*******t isn't exactly well documented (I know that from googling "the entry" site:stronswan.org). I don't know if I would have ever figured that out on my own. The first 2 there that I needed were in a README, so that's my bad. I promise to always read the README from now on, promise. Anyways, I guess I feel better now, back to hacking.

Sign In to comment.