Bastion

Comments

  • Finally cracked this one with some hints from @Cybeernoob - namely that you'll make it 1000x harder for yourself if you try and do everything from inside a Linux VM... even after you've got user, a Windows VM is very helpful.

    Quick hints:

    User - Just an absolute ton of enumeration, once you've got something juicy - keep at it until it develops into something useful.

    Root - A lot less enumeration, you'll probably spot something useful earlier on in your search - google it, you should have root without too much trouble.

    Mech

  • @Kalki said:

    Hello everybody!
    Is there a way to download a big file through smbclient? I've got a "parallel_read returned NT_STATUS_IO_TIMEOUT" (I have tested with changing the buffer). Or any tips for mounting a vd over sb?

    Try using a certain Windows MMC to mount the vhd and browse it instead of downloading the whole image over a slow VPN.

  • edited April 2019

    @Kalki said:

    Hello everybody!
    Is there a way to download a big file through smbclient? I've got a "parallel_read returned NT_STATUS_IO_TIMEOUT" (I have tested with changing the buffer). Or any tips for mounting a vd over sb?

    Files> Other Locations > Connect to Server > smb://10.10.10.134
    that's all...

  • @Parrrs said:
    @Kalki said:

    Hello everybody!
    Is there a way to download a big file through smbclient? I've got a "parallel_read returned NT_STATUS_IO_TIMEOUT" (I have tested with changing the buffer). Or any tips for mounting a vd over sb?

    Files> Other Locations > Connect to Server> smb://10.10.10.134
    that's all...

  • edited April 2019

    got it, thx @Cybeernoob and @haqpl for nudges with user, you guys were a real help :)

    tips;
    think of user configuration files on Linux and their counterparts on Windows

    root;
    find software that seems out of place and google it

  • @Xen0m0rph said:

    Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue...?
    Hashcat worked fine, though.
    Thank you to @L4mpje for this very real-life box!
    Also learned a few things about how to look into .vhd files! :+1:

    John works fine (tested), u probably didn't specify the hash type.

    cyberus17l

  • @cyberus said:

    @Xen0m0rph said:

    Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue...?
    Hashcat worked fine, though.
    Thank you to @L4mpje for this very real-life box!
    Also learned a few things about how to look into .vhd files! :+1:

    John works fine (tested), u probably didn't specify the hash type.

    Used John as well and it worked fine

  • anyone willing to share some wisdom with root? thank you

  • edited April 2019

    I see a lot of confusion in this thread about the remote access of the v_d using Linux. It's quite simple actually. All it takes are 2 mounts. First, we mount the s_b and then, we mount the v_d. Google is our friend if we don't know the exact commands. Be aware that -sometimes- folders may seem empty due to a bad connection. :)

  • @CyprusDonkey said:

    anyone willing to share some wisdom with root? thank you

    Looking for the same....

  • Spoiler Removed

  • Spoiler Removed

  • hmmm ok that's weird, I will try it again

  • Any hints on how to connect via smb null session would be great.

  • @FlompyDoo said:

    Any hints on how to connect via smb null session would be great.

    Check your inbox...

  • Someone please DM me with a nudge on the vhd file.

  • @FlompyDoo said:

    Any hints on how to connect via smb null session would be great.

    This would be a great help too

  • edited April 2019

    Retrieved hash & clrtxt of a user but can't seem to r*c, any hints?

    Edit:: NVM forgot about another service to use ;)

  • I got user in Kali, you don't need to download the big file even with a Kali machine.

  • Very nice box. Liked it a lot. Learned from both user and root :) - @L4mpje Good job :)

  • edited April 2019

    @L4mpje , Nice Box! Thanks community for the hints!

  • edited April 2019

    m

  • anybody got root without spinning up a windows vm?

  • @psyssin said:

    @FlompyDoo said:

    Any hints on how to connect via smb null session would be great.

    This would be a great help too

    SMBMap and SMBClient are my go-to tools for smb

  • edited April 2019

    @cyberus said:

    @Xen0m0rph said:

    Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue...?
    Hashcat worked fine, though.
    Thank you to @L4mpje for this very real-life box!
    Also learned a few things about how to look into .vhd files! :+1:

    John works fine (tested), u probably didn't specify the hash type.

    sir john no work for me, I type john hash and it say it can't load, can assist me please

    v1ew-s0urce.flv

  • @xdaem00n said:

    @cyberus said:

    @Xen0m0rph said:

    Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue...?
    Hashcat worked fine, though.
    Thank you to @L4mpje for this very real-life box!
    Also learned a few things about how to look into .vhd files! :+1:

    John works fine (tested), u probably didn't specify the hash type.

    sir john no work for me, I type john hash and it say it can't load, can assist me please

    John doesn't work for anyone, u work for John.

    cyberus17l

  • edited April 2019

    Hi @cyberus could you pm me some hints for both root vectors you mentioned?


    Actually ignore - rooted!

  • I really learned a lot about Windows enumeration with this machine! I used Linux exclusively to obtain the foothold, but I used a "similar environment" for root rather than try to spin up a whole other VM.

    HTB needs more boxes like these. Not necessarily hard, but super informative. Learned a lot. Thanks L4mpje!

  • Easy fun box. Nice job @L4mpje. If someone decrypted the password of admin using a custom way other than the tool, please inbox me. I would like to know more.

    MrR3boot
    Learn | Hack | Have Fun

  • Managed to get user.txt using Kali and the R*E available; not much trouble there. I am stuck at getting root. Checked software enumeration, cannot see anything there. Can anyone PM me with some pointers please?
