Bastion

Finally cracked this one with some hints from @Cybeernoob - namely that you’ll make it 1000x harder for yourself if you try and do everything from inside a linux VM… even after you’ve got user, a windows VM is very helpful.

Quick hints:

User - Just an absolute ton of enumeration, once you’ve got something juicy - keep at it until it develops into something useful.

Root - A lot less enumeration, you’ll probably spot something useful earlier on in your search - google it, you should have root without too much trouble.

Type your comment> @Kalki said:

hello everybody !
Is there a way to download big file through smbclient ? i’ve got a “parallel_read returned NT_STATUS_IO_TIMEOUT” (i have tested with changing the buffer) ? or any tips for mounting a vd over sb ?

Try using a certain windows mmc to mount the vhd and browse it instead of downloading the whole image over a slow vpn.

Type your comment> @Kalki said:

hello everybody !
Is there a way to download big file through smbclient ? i’ve got a “parallel_read returned NT_STATUS_IO_TIMEOUT” (i have tested with changing the buffer) ? or any tips for mounting a vd over sb ?

Files> Other Locations > Connect to Server > smb://10.10.10.134
that’s all…

@Parrrs said:
Type your comment> @Kalki said:

hello everybody !
Is there a way to download big file through smbclient ? i’ve got a “parallel_read returned NT_STATUS_IO_TIMEOUT” (i have tested with changing the buffer) ? or any tips for mounting a vd over sb ?

Files> Other Locations > Connect to Server> smb://10.10.10.134
that’s all…

got it, thx @Cybeernoob and @haqpl for nudges with user, you guys were a real help :slight_smile:

tips;
think of user configuration files on linux and their counterparts on windows

root;
find software that seems out of place and google it

Type your comment> @Xen0m0rph said:

Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue…?
Hashcat worked fine, though.
Thank you to @L4mpje for this very real-life box!
Also learned a few things about how to look into .vhd files! :+1:

John works fine (Tested) u probably didnt specify the hash type.

Type your comment> @cyberus said:

Type your comment> @Xen0m0rph said:

Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue…?
Hashcat worked fine, though.
Thank you to @L4mpje for this very real-life box!
Also learned a few things about how to look into .vhd files! :+1:

John works fine (Tested) u probably didnt specify the hash type.

Used John as well and it worked fine

anyone willing to share some wisdom with root? thank you

I see a lot of confusion in this thread about the remote access of the v_d using Linux. It’s quite simple actually. All it takes are 2 mounts. First, we mount the s_b and then, we mount the v_d. Google is our friend if we don’t know the exact commands. Be aware that -sometimes- folders may seem empty due to bad connection. :slight_smile:

Type your comment> @CyprusDonkey said:

anyone willing to share some wisdom with root? thank you

Looking for the same…

Spoiler Removed

Spoiler Removed

hmmm ok thats weird i will try it again

Any hints on how to connect via smb null session would be great.

Type your comment> @FlompyDoo said:

Any hints on how to connect via smb null session would be great.

Check your inbox…

Someone please dm with a nudge on vhd file.

Type your comment> @FlompyDoo said:

Any hints on how to connect via smb null session would be great.

This would be a great help too

Retrieved hash & clrtxt of a user but can’t seem to r*c, any hints?

Edit:: NVM forgot about another service to use :wink:

I got user in kali, you don’t need to download the big file even with a kali machine.

Very nice box. Liked it a lot. Learned from both user and root :slight_smile: - @L4mpje Good job :slight_smile: