Bastion

1131416181923

Comments

  • Hi All,
    Just registered and this was my first box, this is awesome :)
    Do we know when the box will retire? Seems like I'll need to get another one quick before it happens so I can make it out of 'Noob' :)

  • edited July 2019

    I found user password but don't know what to do with it. Could use some help with this. Thanks. No need!! Got the user.txt, now on to root

  • where did hackerman go ?

    peek

  • This was an awesome machine from top to bottom.

    Anyone who needs a nudge, can approach me.

    Hack The Box

  • edited July 2019

    The box was great! But trying to understend why some tools didn`t work for me and had to install 3d software on W*********.
    Could somebody DM me to maybe discuss why ************.rb doesnt work in my case?

    DM me for hints if you stuck guys :smile:

  • PWNED!

    user was harder than root for me but I confirm it's possible (and maybe easier) to own both user and root from Kali.
    I was scaring myself when the root.txt hash didn't work!! I had to restart the box because root.txt was modified (accidentally?!) by someone, after restarting i noticed that there was one more character at the end of the hash.

    user hint: smb share enumeration + mount techniques + basic Windows password management
    root hint: enumeration + google ^__^

    DM me for help if you want!

    @L4mpje thank you for this awesome box!

    Hack The Box

  • Finally, I was able to get the root, it was a great box, learned a lot from it. @L4mpje thank you for a great box.

    DM me if you need some help!

  • I'm not sure what was said in the forum, but don't waste your time working on the admin password like I did. I was building my own tool (which is fine), but there's already help online that'll enable you to complete this box.

    Just in case anyone is stuck:

    USER - requires solid enumeration to figure what's available to connect to. Once connected, look around/more enumeration (Google any files that you're unfamiliar with), use a well documented technique found online to be able to see more of the filesystem. From there, think about how you would like to obtain user creds.

    Root - more enumeration of the filesystem with the USER access that you have. Again, google any thing that you don't understand/find intersting. I found what I needed very quickly and setup a meterpreter reverse shell (NOT NECESSARY), but I spent hours building a tool with guidance I found online when I could have just used something already available to root the box.

    Overall, this was a very fun machine. I really enjoyed the techniques.

  • Rooted. Nice. I did in Linux and Windows for the practice. Thanks for the script and the help with the script options @0xNoOne
    Thanks for the box @L4mpje

    Feel free to PM.

  • Rooted, all in linux... very nice box don`t get many windows boxes so it's good to play with one

    Parttimesecguy

  • rooted without any using of windows machine, all in kali :)
    pm me if you need help .
    Arrexel

    No Hack No Life ✌😒
  • Still not owned but as a newbie this article helped me a lot:

    https://medium.com/@klockw3rk/mounting-vhd-file-on-kali-linux-through-remote-share-f2f9542c1f25

    please, let me know if it is considered as a spoiler and i (admin?) will remove it.
  • Had a lot of fun with this today, completed all with Kali, learning loads on the way!

  • Type your comment> @M4t35Z said:

    User: enumeration, Who is the uncle of USA?
    Root: more enumeration just for 1 thing

    Feel free to PM me if u stuck. (:

    Ahaha...nice one about User. I've got the file but i'm struggling with J***, h*****t, etc...

  • please help with rooting. I have file. Don't know how to crack it. why do i need windows for that if the scripts are python or ruby?

    Hack The Box

  • edited July 2019

    Type your comment> @kalagan76 said:

    Ahaha...nice one about User. I've got the file but i'm struggling with J***, h*****t, etc...

    Yeah I am encountering the same problem. Has anyone got any tips on how to deal with this?

    Edit: I did it! Thanks to @kalagan76 for helping me with john the ripper for the user.

  • Juste found user password. The command with j*** is actually pretty simple.

  • Rooted! My first Windows machine and the first one i did without help (except the forum). I really like it, that was a great machine. I don't get why a lot of people needed a Windows VM. I did everything under Kali and nothing was really difficult. I'm a newbie but you can PM me if you need help.

  • Got root using only Kali. Except maybe the mount, I think nothing would have been harder than with a windows VM. Thanks @Kucharskov for user and @bing0o for the exploit for root. One hint regarding this one : it needs to be up to date.

  • Stuck on this box. Located and can connect to 2 shares remotely but not sure how to progress. Hints would be appreciate in DM. Thanks.

  • hvahva
    edited July 2019

    Rooted. Learned a lot, especially getting the regular user. Root barely took any time on Linux, no Windows. You can find a python script that helps with the final step if you search for github on "appname_decrypt.py".

  • edited July 2019

    Rooted, but only because this forum gave me the hint which program to check out for the PrivEsc. How would you even figure something like that out on your own? Do you just look at all the programs that are installed and then google around to see if they're vulnerable? Or are there automated processes to find these things?

    Also, @0xNoOne is an absolute saint for writing that script.

    Hack The Box

  • Hi Guys,I could get the user.txt
    But ı couldn't crack the S*M file with john .I just could able to do it online via hashkiller.If someone can crack via John,please send me a PM.I really wonder what is my mistake.

    Thanks

  • Got it. If you want to help. Feel free to PM.

  • Rooted! Thanks to everybody some hints in the post was the only thing needed to get me out the rabbit hole ;-D

  • Getting user.. must I download 5GB .vhd ? So sad

  • Type your comment> @sayanthanpera said:

    Getting user.. must I download 5GB .vhd ? So sad

    Just mount it dude. There's a note on the share that even mentions that.

  • Type your comment> @hva said:

    Type your comment> @sayanthanpera said:

    Getting user.. must I download 5GB .vhd ? So sad

    Just mount it dude. There's a note on the share that even mentions that.

    Thanks dude

  • I'm doing an i*********l with J*** am I just wasting my time?

Sign In to comment.