Bastion

1235723

Comments

  • Awesome box And big thanks to creator L4mpje. Priv was awesome as that is something I used to used as Sysadmin, User would be quicker if internet is good, makes easier to enum, PM for any hints
  • Hello, I just started scanning, tell me it's necessary to download the .vhd or which is the way to start.

    Greetings

  • Is bastion down or is just me? I did some scanning this morning with nmap and worked fine and now it's taking forever and sometimes it just says "Host seems down. If it is really up, but blocking our ping probes,...". Same history with the smbclient ,was working and now is just saying "(Error NT_STATUS_IO_TIMEOUT)"

    I also tried to use a Win 10 VM but failed to connect to the shares

    Im getting crazy, any ideas ??

  • Type your comment> @noobsaibot81 said:

    Hello, I just started scanning, tell me it's necessary to download the .vhd or which is the way to start.

    Greetings

    You don't need to download the .vhd. You can use a windows VM to get into that or you can find a way to mount the smb and them mount the vhd, so you can browse it. Doing it on a windows machine is way more easy

    v1ew-s0urce.flv
  • I'm a bit stuck for root. I've checked the installed programs as per the hints here, but I can't seem to figure out what to use. I've been looking at R*****NG and *PS-in64 but I'm not sure.

    Could someone give a nudge? Thanks!

    Vex20k

  • Type your comment> @Vex20k said:

    I'm a bit stuck for root. I've checked the installed programs as per the hints here, but I can't seem to figure out what to use. I've been looking at R*****NG and *PS-in64 but I'm not sure.

    Could someone give a nudge? Thanks!

    you're on the right track, do your research about that program now

    v1ew-s0urce.flv
  • @MLGhacks i had the exact same problem yesterday for hours, and i figured out (for me) it was because i was running NAT on my kali. IDK why but when i went home i randomly switched to bridged and it worked perfect everything was up to speed and could finally go forward, maybe try that

    Hack The Box

  • @xdaem00n Hello, I have mounted the unit .vhd what should I look for ?

    Greetings

  • Type your comment> @noobsaibot81 said:

    @xdaem00n Hello, I have mounted the unit .vhd what should I look for ?

    Greetings

    Should be enough clues in this thread to give you an idea about which files you should look for.

  • How im supposed to get the root key? Someone could give me a hint please? I have found the ***64 and the N****e, searched some things but i cant apply any of them lol

  • @DameDrewby said:

    @noobsaibot81 said:
    @xdaem00n Hello, I have mounted the unit .vhd what should I look for ?

    Greetings

    Should be enough clues in this thread to give you an idea about which files you should look for.

    I disagree tbh. The 'clues' in this topic are still vague. 'Important directories' could be everything on a Windows machine: the registry, C:/Users, C:/Program Files, C:/AppData, etc.

    I've spent hours looking at all folders on the image but still haven't got the slightest clue of where to look..

  • edited April 2019

    Finally got root, that was fun!

    User Hint: Explore common windows sec handling. ****You do not have to download the vhd!****
    Root Hint: Enum the software, look for odd programs and see what you can use against it

  • I have no idea where I need to search for the user's password, I spend so much time to enumerate. Someone can give me a nudge in PM ?

  • Type your comment> @loln00b said:

    @DameDrewby said:

    @noobsaibot81 said:
    @xdaem00n Hello, I have mounted the unit .vhd what should I look for ?

    Greetings

    Should be enough clues in this thread to give you an idea about which files you should look for.

    I disagree tbh. The 'clues' in this topic are still vague. 'Important directories' could be everything on a Windows machine: the registry, C:/Users, C:/Program Files, C:/AppData, etc.

    I've spent hours looking at all folders on the image but still haven't got the slightest clue of where to look..

    We've even discussed a tool that may or may not have had an issue (it doesn't if you use the correct flag) which should be a fairly big hint as to what files have been obtained to get info from

    If you're really struggling then PM me and I'll help you further but I don't really want to say on here because it's difficult to do that without spoiling it for others.

  • @Rayteur said:
    I have no idea where I need to search for the user's password, I spend so much time to enumerate. Someone can give me a nudge in PM ?

    Where would you search for passwords on Windows machine? Google, where it might keep them

  • I found the file but i can't get the password

  • For user password, try to google some basic methods of extracting NTLM hashes from Windows registry. This is not specific for this box, those things are basic knowledge for pentesting.

    Summa scientia, nihil scire.

  • Got root, that was a fun box, thanks @L4mpje ! More realistic than most of the ones recently. It took learning a couple of tools, but everything is easily researchable. There are plenty of hints in this forum to get both user and root. Don't overthink!

    Hack The Box

  • That was fun, Thanks to @Cybeernoob who confirmed I was on the right path.

    MODS - Feel free to edit this if its too spoiler-y...

    If you do have to go to a Windows VM be careful of the OS, I could not get the final step to work under W10, but as soon as I moved to a W7 VM the same steps worked first time.

    Happy to nudge people if needed...
  • edited April 2019

    Re Windows VM versus Linux / which Windows version etc:

    In cases like this, I use socat to forward only the relevant port(s) from Kali to a Windows box. So I can use Kali tools in parallel, for investigating other stuff while using Windows tools only when absolutely needed.

    Windows 10 worked fine for me for 'reading the large file'.

  • Any idea why i cant download the large file? keeps cutting me off at around 400MB of the file because of an error ? (using kali, not windowS)

    Hack The Box

  • edited April 2019

    Finally got root with assistance of Damedrewby and Last0x00... Very nice learning experience.

  • hello how run this box ? just only the ip or I need to install some stuff ?

  • Anyone else have their Windows VM crash when trying to mount the vhd?

    Hack The Box

  • @hxmo said:
    Any idea why i cant download the large file? keeps cutting me off at around 400MB of the file because of an error ? (using kali, not windowS)

    You dont have to download the vhd image. On linux you can first mount the SMB share and then locally mount the image file in the SMB share.

  • Hey guys, I am having trouble doing the second mount, would anyone be able to PM me

  • I scan the box..found open ports and two smb shares...also brutforce ADM** share but not lucky..am in in right direction or i am missing something...

  • edited May 2019

    Taken user and root! Thanks @L4mpje for the box! Feel free to dm for hints.

    The adrenaline was at an all time high when I entered the admin mode oh god

  • Hi can anyone send me an PM how to connect the smb null session? smbc*** is showing some shares but I can't connect to them. A little help is welcome.

    Thanks

  • Many thanks to @DameDrewby for the advice and patience, rooted the box

Sign In to comment.