Nest

I made this machine a few months ago and just saw that its going live this weekend, so I guess I'll start the thread on it :)

This is the first machine I've created for something like this, so feel free to send me feedback via PM if there's things you think could be improved for the next one.

Its meant to be pretty easy, but there is one file in particular that might trip people up and will be especially awkward if you're on a Linux machine. Keen to see what people think of the difficulty level in general so I can factor that in to the new machine I'm working on.

ยซ13456737

Comments

  • Probably the earliest box topic opener ever ๐Ÿ˜‚ The early bird catches the worm. ๐Ÿ‘

    v1p3r0u5
    If you need some help => 1) Your findings so far? 2) Your conclusions? 3) Your further ideas?
    RESPECT++ if I was able to help you! => https://www.hackthebox.eu/home/users/profile/139772

    No messages on the wall please and don't message me via HTB chat, please use the forum!

  • haha sorry, I don't know what the norm is. I figured people normally create them as soon as they notice the new box in the unreleased list

  • First blood expected in T minus 1:16:36:10

  • :love:

    limbernie
    Write-ups of retired machines

  • Type your comment> @VbScrub said:

    I made this machine a few months ago and just saw that its going live this weekend, so I guess I'll start the thread on it :)

    This is the first machine I've created for something like this, so feel free to send me feedback via PM if there's things you think could be improved for the next one.

    Its meant to be pretty easy, but there is one file in particular that might trip people up and will be especially awkward if you're on a Linux machine. Keen to see what people think of the difficulty level in general so I can factor that in to the new machine I'm working on.

    Oh boy... "especially awkward if you're on a Linux machine."

    Man, I am on nothing BUT Linux machines. I get the feeling this might not be "Easy" lol. Don't want to make any quick judgements, though. Congrats on your first release :)


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'โ€

  • Hopefully this turns out to be a bit of a break after all the sleep I lost working on Patents. Looking forward to it, and good luck on the next box.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • @farbs said:

    Oh boy... "especially awkward if you're on a Linux machine."

    Man, I am on nothing BUT Linux machines. I get the feeling this might not be "Easy" lol. Don't want to make any quick judgements, though. Congrats on your first release :)

    Think how I feel when I only use a Windows machine and half the files in the Challenges section on here are literally impossible on Windows but they don't mention that anywhere haha so many hours wasted

  • Congrats on your first release and looking forward to getting 1st blood!!

    Hack The Box

  • reaaaaadyyyyyyyyyyyyyyyyyyyyy!!!!

    ++++++++++++++++++++++++++++++++++++++++++++++++++

    Str0ng3erG3ek

    +respect me if I helped you :}

  • @Str0ng3erG3ek said:

    reaaaaadyyyyyyyyyyyyyyyyyyyyy!!!!

    I was going to say you're keen, but you're not as keen as the guy who just messaged me asking for hints 2 hours before the machine is even live XD

  • Type your comment> @VbScrub said:

    @Str0ng3erG3ek said:

    reaaaaadyyyyyyyyyyyyyyyyyyyyy!!!!

    I was going to say you're keen, but you're not as keen as the guy who just messaged me asking for hints 2 hours before the machine is even live XD

    Oh lord!

    jeje XD

    ++++++++++++++++++++++++++++++++++++++++++++++++++

    Str0ng3erG3ek

    +respect me if I helped you :}

  • @VbScrub said:
    @Str0ng3erG3ek said:

    reaaaaadyyyyyyyyyyyyyyyyyyyyy!!!!

    I was going to say you're keen, but you're not as keen as the guy who just messaged me asking for hints 2 hours before the machine is even live XD

    Doesn't really need hints, see i've already got user.txt lol.

  • 10 mins root - wow!

  • Got 5 users ๐Ÿ˜Ž

    Hack The Box

  • so there's 3 root owns and 0 user owns... I guess you guys found some exploit I didn't think of when making the box. Anyone fancy messaging me to let me know what you did?

  • So, the box is rooted while I am still waiting for scans to complete :smile: ...

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Wtf, 11 root owns in 15mn!

    Hack The Box

  • Yeah I don't know what people did to get root so fast lol pretty sure they didn't go the intended route

  • As @VbScrub has said, that implies some unintended exploitation path that they've all discovered.

    Unfortunately, I havent discovered it yet :smile: :smile:

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • That just ruins the fun if people take an alternate path that was unintentionally engineered by the box creator.

    godylocks

    If you like my advice, please give me some respect! Thanks!
    Message me on discord: godylocks#5721

  • n2hn2h
    edited January 25

    someone has a 0-day they aren't sharing ;)

    Hack The Box

  • Type your comment> @n2h said:

    someone has a 0-day they aren't sharing ;)

    yeah exactly.

    godylocks

    If you like my advice, please give me some respect! Thanks!
    Message me on discord: godylocks#5721

  • Not sure I totally agree. It's not all about following the exact steps the creator wanted you to take - that's basically following a tutorial.

    If you can find an alternate route, that's part of the game and part of the learning. It means, for example, that these people know a much faster way to exploit this box than I do.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited January 26

    Yeah, it does kind of take the fun out of it if you just run one metasploit command and get root. There's no skill or enjoyment involved in that surely. Maybe some people just care about getting the points

  • edited January 25

    deleted

  • Sorry about the bad luck @VbScrub. I will admit I got it unintended, but once it's patched I'll go back and do it right

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • @VbScrub said:

    Ohhh someone just messaged me explaining the server is vulnerable to a well known exploit that gives you system straight away lol guess I need to apply more patches to boxes in future before submitting them. My bad.

    I thought that might be the case, but I tried the obvious ones and they didn't work!

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Fell sorry for you @VbScrub . Will come back to it as soon as it gets the patch.

    v1p3r0u5
    If you need some help => 1) Your findings so far? 2) Your conclusions? 3) Your further ideas?
    RESPECT++ if I was able to help you! => https://www.hackthebox.eu/home/users/profile/139772

    No messages on the wall please and don't message me via HTB chat, please use the forum!

  • That just killed the blood game.
    Waiting for patches to go and re solve it

    Hack The Box

Sign In to comment.