Conceal

Question, is anyone getting mixed results with enum? I was getting a lot of results back, started acting flakey so I sent a reset and now I’m not getting anything back at all?

A Windows box? I got sub7.exe for that!

It is interesting that at the time of this message (1145UTC) only 3 people have user and first blood took 7 hours.

Yet it is still scored VERY EASY (1 vote) and MEDIUM (1 vote).

That probably means we’re all overlooking something not too complicated. I don’t know about you guys, but I’m great at overthinking this stuff sometimes. #HackerLife

It is not something complicated… you’re basically given the creds to a service… you just need to know how to set it up and use it…

If you have extensive experience in this area, this should be straightforward for you… If not, it’ll take that many hours XD

IDK… Even people that already got it seem to have taken many hours… I doubt that no one that tried don’t have experience with this particular service… I wonder if it’s a rabbit hole…

@bianca said:
IDK… Even people that already got it seem to have taken many hours… I doubt that no one that tried don’t have experience with this particular service… I wonder if it’s a rabbit hole…

It could be… TBH I didn’t get it to work so far…
But I only found one other service on, it’s apparently not exploitable, and it seems to be related to this one, which makes me think it’s not a rabbit hole…

I found a few services. Thing is, they seem to respond to manual probing better than “port scanning”. I have no idea wtf is going on yet though, so don’t mind me.

I’m in the same boat as everyone here, got everything + Phases but no luck on the password.

@r518 said:
I’m in the same boat as everyone here, got everything + Phases but no luck on the password.

I think password is not one thing to guess, you need group name also.

It’s funny for me ’cause everyone is getting users using v1, and I did enum v1 and v2c; both don’t give me any usernames.

FIX: I used a different tool.

You can get username using the normal tool you always use.

I’m new and please help me. So basically I scanned ports and only *** is up, and I also know that it’s ****; I checked it with ********. When I scanned with ****** it showed that it’s running ngen.exe, and when I searched for it on the internet it said that Windows Vista runs it, so then I remembered MS017-10 and checked it with Metasploit, but it’s not vulnerable. So please, someone help me.

I have the pre-shared key… not the group, and don’t know how to set up the V.n lol

Hmm… main additional scanning okay but it doesn’t pay to be aggressive sometimes. Hauling out some scripting skills…

I only need some help with the “Connection” setup if anyone here got user or done that.

I think that is where pretty much everyone is stuck

I tried enumerating the g***p name with a wordlist, but nothing came back…

Yup, we’re all stuck. I really wish I had a working server setup with a certain mode disabled so I could start with a working connection and then systematically break it. This is my first time with this particular critter.

Edit: plaudits to the box creator – even though the headwinds are tough here I’m forced to research a common technology and its vulns that have not come up for me before. Much more interesting than playing “hunt the directory”.

This is a new initial foothold for me and I’m still not able to connect to the ■■■■ box. I want to make sure we all found the same stuff.

Enumerating a common U** service on port 1** will provide two pieces of info:

A list of 4 possible users: Gu***, Ad********, De******, DeA*.
A P** Key to the Iv1 (note v) service running on U port 5**. This hash can be cracked almost instantly using a common online cracker and the result is a plaintext P** of Du********.

I don’t see any TCP ports open on an nmap scan that are open; however, I can see in the S*** enumeration several common Windows TCP ports exposed, but manually probing these ports doesn’t give me anything.

I haven’t seen a username:password combo anywhere like I did on Mischief. Thus any user here would be a guess of the four enumerated (via sn**-c****). The only password I’ve seen is the cracked version of the P** Key. The algo I’ve seen to connect with is 3d**-***-m****1***. I haven’t seen any kind of group information.

I’ve tried tons of different IPS** configurations (IPSe* over L2**) to connect to this box with the information above. This seems like it is going to be more complicated than usual because it is a VPN within a VPN. I’ve tried both GUI and CLI configurations, but I cannot achieve a successful connection.