Bastion

@xdaem00n said:

@cyberus said:

@Xen0m0rph said:

Very nice box! Finally rooted, after poking around for a bit with what seems to be a John issue…?
Hashcat worked fine, though.
Thank you to @L4mpje for this very real-life box!
Also learned a few things about how to look into .vhd files! :+1:

John works fine (Tested), u probably didn’t specify the hash type.

sir john no work for me, i type john hash and it say it can’t load, can assist me please

John doesn’t work for anyone, u work for John.

Hi @cyberus could you pm me some hints for both root vectors you mentioned?


Actually ignore - rooted!

I really learned a lot about windows enumeration with this machine! I used linux exclusively to obtain the foothold, but I used a “similar environment” for root rather than try to spin up a whole other VM.

HTB needs more boxes like these. Not necessarily hard, but super informative. Learned a lot. Thanks L4mpje!

Easy fun box. Nice job @L4mpje. If someone decrypted password of admin using custom way other than tool please inbox me. I would like to know more.

Managed to get user.txt using Kali and the R*E available; not much trouble there. I am stuck at getting root. Checked software enumeration, cannot see anything there. anyone can pm me with some pointers please?

Awesome box, and big thanks to creator L4mpje. Priv was awesome as that is something I used to use as Sysadmin. User would be quicker if internet is good, makes it easier to enum. PM for any hints

Hello, I just started scanning, tell me it’s necessary to download the .vhd or which is the way to start.

Greetings

Is bastion down or is it just me? I did some scanning this morning with nmap and it worked fine, and now it’s taking forever and sometimes it just says “Host seems down. If it is really up, but blocking our ping probes,…”. Same history with the smbclient, was working and now is just saying “(Error NT_STATUS_IO_TIMEOUT)”

I also tried to use a Win 10 VM but failed to connect to the shares

I’m getting crazy, any ideas??

@noobsaibot81 said:

Hello, I just started scanning, tell me it’s necessary to download the .vhd or which is the way to start.

Greetings

You don’t need to download the .vhd. You can use a windows VM to get into that or you can find a way to mount the smb and then mount the vhd, so you can browse it. Doing it on a windows machine is way more easy

I’m a bit stuck for root. I’ve checked the installed programs as per the hints here, but I can’t seem to figure out what to use. I’ve been looking at *R*NG and *PS-*in64 but I’m not sure.

Could someone give a nudge? Thanks!

@Vex20k said:

I’m a bit stuck for root. I’ve checked the installed programs as per the hints here, but I can’t seem to figure out what to use. I’ve been looking at *R*NG and *PS-*in64 but I’m not sure.

Could someone give a nudge? Thanks!

you’re on the right track, do your research about that program now

@MLGhacks i had the exact same problem yesterday for hours, and i figured out (for me) it was because i was running NAT on my kali. IDK why but when i went home i randomly switched to bridged and it worked perfect everything was up to speed and could finally go forward, maybe try that

@xdaem00n Hello, I have mounted the unit .vhd what should I look for ?

Greetings

@noobsaibot81 said:

@xdaem00n Hello, I have mounted the unit .vhd what should I look for ?

Greetings

Should be enough clues in this thread to give you an idea about which files you should look for.

How am I supposed to get the root key? Could someone give me a hint please? I have found the 64 and the N*e, searched some things but I can’t apply any of them lol

@DameDrewby said:

@noobsaibot81 said:
@xdaem00n Hello, I have mounted the unit .vhd what should I look for ?

Greetings

Should be enough clues in this thread to give you an idea about which files you should look for.

I disagree tbh. The ‘clues’ in this topic are still vague. ‘Important directories’ could be everything on a Windows machine: the registry, C:/Users, C:/Program Files, C:/AppData, etc.

I’ve spent hours looking at all folders on the image but still haven’t got the slightest clue of where to look…

Finally got root, that was fun!

User Hint: Explore common windows sec handling. You do not have to download the vhd!
Root Hint: Enum the software, look for odd programs and see what you can use against it

I have no idea where I need to search for the user’s password, I spend so much time to enumerate. Someone can give me a nudge in PM ?

@loln00b said:

@DameDrewby said:

@noobsaibot81 said:
@xdaem00n Hello, I have mounted the unit .vhd what should I look for ?

Greetings

Should be enough clues in this thread to give you an idea about which files you should look for.

I disagree tbh. The ‘clues’ in this topic are still vague. ‘Important directories’ could be everything on a Windows machine: the registry, C:/Users, C:/Program Files, C:/AppData, etc.

I’ve spent hours looking at all folders on the image but still haven’t got the slightest clue of where to look…

We’ve even discussed a tool that may or may not have had an issue (it doesn’t if you use the correct flag) which should be a fairly big hint as to what files have been obtained to get info from

If you’re really struggling then PM me and I’ll help you further but I don’t really want to say on here because it’s difficult to do that without spoiling it for others.

@Rayteur said:
I have no idea where I need to search for the user’s password, I spend so much time to enumerate. Someone can give me a nudge in PM ?

Where would you search for passwords on Windows machine? Google, where it might keep them