Vault

@sayyeah said:
Any tunneling required after got the root of the D** server? May I have some hints of how to get into vault?

I did see some useful command (i.e. n*** ) in the log. However, no idea how to use it in order to get into vault.

Please give me some directions

Thx.

+1

You need N*** because , if you don’t know where you are going , how are you going to get there ? Suggest you look up the different applications for N*** and different types of ways it can look for what you need given your current topology

@TAPE said:
I got the root.txt too by simple file decryption… seemed wrong… but hey… you don’t know what you’re gonna get when you start a box…

edit
bah… after a reset the file is no longer there so I profited from someone else’s hard work… oh well…

VIP or free ? Wondering if it was me coz I remember resetting the box when I was done .

@An0maly said:
You need N*** because , if you don’t know where you are going , how are you going to get there ? Suggest you look up the different applications for N*** and different types of ways it can look for what you need given your current topology

I don’t get it… I have the IP of vault, i know that 192…5 is interfering the traffic. Still i can’t find my way into vault whatever proxy and command i use. I am totally lost here…

@jodjod said:

@An0maly said:
You need N*** because , if you don’t know where you are going , how are you going to get there ? Suggest you look up the different applications for N*** and different types of ways it can look for what you need given your current topology

I don’t get it… I have the IP of vault, i know that 192…5 is interfering the traffic. Still i can’t find my way into vault whatever proxy and command i use. I am totally lost here…

Thats why you need to laern more about N**** :wink:

@An0maly said:

@jodjod said:

@An0maly said:
You need N*** because , if you don’t know where you are going , how are you going to get there ? Suggest you look up the different applications for N*** and different types of ways it can look for what you need given your current topology

I don’t get it… I have the IP of vault, i know that 192…5 is interfering the traffic. Still i can’t find my way into vault whatever proxy and command i use. I am totally lost here…

Thats why you need to laern more about N**** :wink:

Hi there,

Thx for your help. I am thinking whther we are referring different N***. What I am referring is Nc** but not Na** =). I also saw the log related to Na** in the log and figured out only one service can get response from Vault. However, I have no idea how to use Nc** to connect the vault, could you please give me a direction?

Cheers.

Hi all, enjoying this box however stuck on the O*****v*n configurator, can i use the upload functionality the get a shell ive been trying using “up” however i believe it needs a successful TUN connection to run? any nudge in the right direction would be greatly appreciated

After getting access to D** i can ping vault, i also runned nmap and found out two ports, but they are closed! Dm me any hints! Thnx!

Edit: Rooted!

i think this box is broken, no arp for firewall ip now??

@badman89 said:
i think this box is broken, no arp for firewall ip now??

edit: nvm just being impatient

Feel free to PM me if you are running into issues.

Could anyone help on the o*** file syntax?
I’m really lost trying to make it work for a few hours already.

I writed on it a couple of times and now I can’t write anymore, only timeouts.

I’ve got shell on D**, got some creds and see user.txt file which is empty. Not sure if that meant to be like that? Before I revert and pi** anyone off, so I would check in to see if this is meant to be the case. Thanks guys

As d*** on D** you should have a user.txt. There is an empty one (probably) at the place where you found some credentials, though.

I was root. Got it now. Thought I did a “find /” … perhaps not. Cheers bud. I hate reverting and spoiling for anyone.

I need some hints , anyone PM me :anguished:

I an on D**, and I am completely flummoxed as to how to get over to V****. I see the two closed ports. Anyone feel like DMing me a pointer or two? I’m out of ideas.

EDIT 1: Taking a closer look at a certain log file…

EDIT 2: Ooooh! It looks like I connected… Which is strange since I tried using a similar thing with nmap earlier with no success.

EDIT 3: Yep, I’m in. All the info you need is indeed in the logs not necessarily in the user directories or anything.

The box is fun. I especially like the “box in a box” concept.
But I wonder about getting root.txt: I found it without being root on Vault, even after reset. I assume this is the intended way but would like to know if someone was able to get root on the box, or if I was just lucky (at least 2 times :wink:

I’ve some trouble with shell upload, i try some way … if i upload wrong file i’ve got error message, but if i try other the page is like stuck without any message, is it normal?

edit: rooted
This thread is full of hints already, but giving my two cents:
User: Up to the first reverse shell it’s really straightforward. You then start enumerating everything, you’ll find your way. Read the files and learn lateral movement.

Root: Easier to find, trickier to get. You’ll need to research and to pay more attention to details. One hint is to write down everything you find since the beginning, you never know when or how you might need it.