Conceal

@bianca said:
For those still in trouble with port scanning I would recommend you read Quick Port Scan Tip - Other - Hack The Box :: Forums

@23Y4D try using the service you found for enumeration (I’m assuming you found the right service for this)

If anyone got further than initial enumeration, I could use some help to connect to the service on the machine (trying not to spoil here). I’ve got version and credentials, but I’m having trouble to find a proper client for Kali.

I think I’m at the same spot. I found the “Key” and I’m trying to get the connection setup but looks like I might also need a username and password in addition to the P** Key but I’m not seeing anything. I would expect to at least see a username in the same place as the key.

@1NC39T10N said:

@bianca said:
For those still in trouble with port scanning I would recommend you read Quick Port Scan Tip - Other - Hack The Box :: Forums

@23Y4D try using the service you found for enumeration (I’m assuming you found the right service for this)

If anyone got further than initial enumeration, I could use some help to connect to the service on the machine (trying not to spoil here). I’ve got version and credentials, but I’m having trouble to find a proper client for Kali.

I think I’m at the same spot. I found the “Key” and I’m trying to get the connection setup but looks like I might also need a username and password in addition to the P** Key but I’m not seeing anything. I would expect to at least see a username in the same place as the key.

Isn’t the machine name a hint?

@clarkkent said:

@1NC39T10N said:

@bianca said:
For those still in trouble with port scanning I would recommend you read Quick Port Scan Tip - Other - Hack The Box :: Forums

@23Y4D try using the service you found for enumeration (I’m assuming you found the right service for this)

If anyone got further than initial enumeration, I could use some help to connect to the service on the machine (trying not to spoil here). I’ve got version and credentials, but I’m having trouble to find a proper client for Kali.

I think I’m at the same spot. I found the “Key” and I’m trying to get the connection setup but looks like I might also need a username and password in addition to the P** Key but I’m not seeing anything. I would expect to at least see a username in the same place as the key.

Isn’t the machine name a hint?

Maybe. I tried it as the PW and username:PW but didn’t get a connection. Not sure yet if it is my setup or the creds are invalid

Edit: found a list of users (same place as plaintext key). Still looking for passwords

I already got the Username and Password but my problem is about setting it up. I have no idea about the thing lol.

@CatrionaGray said:
I already got the Username and Password but my problem is about setting it up. I have no idea about the thing lol.

Same. This should be a good lesson learned xD

Brute force groupname don’t show me anything
Do I miss some obvious name ?

I think i know how to use the info that i got from a service, but, how to go into this when you are already on it? inception? … :lol:

Having some fun here to setup the VPN connection lol

But no username / password so far. Am I missing something?

@braindamaged Nice work on first blood!

Question, is anyone getting mixed results with enum? I was getting a lot of results back, started acting flakey so I sent a reset and now I’m not getting anything back at all?

a windows box? i got sub7.exe for that!

It is interesting that at the time of this message (1145UTC) only 3 people have user and first blood took 7 hours.

Yet it is still scored VERY EASY (1 vote) and MEDIUM (1 vote).

That probably means we’re all overlooking something not too complicated. I don’t know about you guys, but I’m great at overthinking this stuff sometimes. #HackerLife

It is not something complicated… you’re basically given the creds to a service… you just need to know how to set it up and use it…

If you have extensive experience in this area, this should be straightforward for you… If not, it’ll take that many hours XD

IDK… Even people that already got it seem to have taken many hours… I doubt that no one that tried don’t have experience with this particular service… I wonder if it’s a rabbit hole…

@bianca said:
IDK… Even people that already got it seem to have taken many hours… I doubt that no one that tried don’t have experience with this particular service… I wonder if it’s a rabbit hole…

It could be… TBH I didn’t get it to work so far…
But I only found one other service on, it’s apparently not exploitable, and it seems to be related to this one, which makes me think it’s not a rabbit hole…

I found a few services. Thing is, they seem to respond to manual probing better than “port scanning”. I have no idea wtf is going on yet though, so don’t mind me.

Im in the same boat as everyone here, got everything + Phases but no luck on the password.

@r518 said:
Im in the same boat as everyone here, got everything + Phases but no luck on the password.

I thinks password is not one think to guess, you need group name also.

its funny for me cause everyone is getting users using v1 and i did enum v1 and v2c both dont give me any usernames.

FIX: i used different tool.