Bastion

Spoiler Removed

Spoiler Removed

hmmm ok thats weird i will try it again

Any hints on how to connect via smb null session would be great.

Type your comment> @FlompyDoo said:

Any hints on how to connect via smb null session would be great.

Check your inbox…

Someone please dm with a nudge on vhd file.

Type your comment> @FlompyDoo said:

Any hints on how to connect via smb null session would be great.

This would be a great help too

Retrieved hash & clrtxt of a user but can’t seem to r*c, any hints?

Edit:: NVM forgot about another service to use :wink:

I got user in kali, you don’t need to download the big file even with a kali machine.

Very nice box. Liked it a lot. Learned from both user and root :slight_smile: - @L4mpje Good job :slight_smile:

@L4mpje , Nice Box! Thanks community for the hints!

m

anybody got root without spinning up a windows vm?

Type your comment> @psyssin said:

Type your comment> @FlompyDoo said:

Any hints on how to connect via smb null session would be great.

This would be a great help too

SMBMap and SMBClient are my go-to tools for smb

Type your comment> @cyberus said:

Type your comment> @Xen0m0rph said:

Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue…?
Hashcat worked fine, though.
Thank you to @L4mpje for this very real-life box!
Also learned a few things about how to look into .vhd files! :+1:

John works fine (Tested) u probably didnt specify the hash type.

sir john no work for me, i type john hash and it say it it cant load, can asist me please

Type your comment> @xdaem00n said:

Type your comment> @cyberus said:

Type your comment> @Xen0m0rph said:

Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue…?
Hashcat worked fine, though.
Thank you to @L4mpje for this very real-life box!
Also learned a few things about how to look into .vhd files! :+1:

John works fine (Tested) u probably didnt specify the hash type.

sir john no work for me, i type john hash and it say it it cant load, can asist me please

John doesn’t work for anyone, u work for John.

Hi @cyberus could you pm me some hints for both root vectors you mentioned?


Actually ignore - rooted!

I really learned a lot about windows enumeration with this machine! I used linux exclusively to obtain the foothold, but I used a “similar environment” for root rather than try to spin up a whole other VM.

HTB needs more boxes like these. Not necessarily hard, but super informative. Learned a lot. Thanks L4mpje!

Easy fun box. Nice job @L4mpje. If someone decrypted password of admin using custom way other than tool please inbox me. I would like to know more.

Managed to get user.txt using Kali and the R*E available; not much trouble there. I am stuck at getting root. Checked software enumeration, cannot see anything there. anyone can pm me with some pointers please?