Bastion

@Vex20k said:

I’m a bit stuck for root. I’ve checked the installed programs as per the hints here, but I can’t seem to figure out what to use. I’ve been looking at *R*NG and *PS-*in64 but I’m not sure.

Could someone give a nudge? Thanks!

You’re on the right track; do your research about that program now.

@MLGhacks I had the exact same problem yesterday for hours, and I figured out (for me) it was because I was running NAT on my Kali. IDK why, but when I went home I randomly switched to bridged and it worked perfectly; everything was up to speed and I could finally go forward. Maybe try that.

@xdaem00n Hello, I have mounted the unit .vhd, what should I look for?

Greetings

@noobsaibot81 said:

@xdaem00n Hello, I have mounted the unit .vhd, what should I look for?

Greetings

Should be enough clues in this thread to give you an idea about which files you should look for.

How am I supposed to get the root key? Could someone give me a hint please? I have found the 64 and the N*e, searched some things but I can’t apply any of them lol

@DameDrewby said:

@noobsaibot81 said:
@xdaem00n Hello, I have mounted the unit .vhd, what should I look for?

Greetings

Should be enough clues in this thread to give you an idea about which files you should look for.

I disagree tbh. The ‘clues’ in this topic are still vague. ‘Important directories’ could be everything on a Windows machine: the registry, C:/Users, C:/Program Files, C:/AppData, etc.

I’ve spent hours looking at all folders on the image but still haven’t got the slightest clue of where to look…

Finally got root, that was fun!

User Hint: Explore common Windows sec handling. You do not have to download the vhd!
Root Hint: Enum the software, look for odd programs and see what you can use against it

I have no idea where I need to search for the user’s password; I spent so much time enumerating. Can someone give me a nudge in PM?

@loln00b said:

@DameDrewby said:

@noobsaibot81 said:
@xdaem00n Hello, I have mounted the unit .vhd, what should I look for?

Greetings

Should be enough clues in this thread to give you an idea about which files you should look for.

I disagree tbh. The ‘clues’ in this topic are still vague. ‘Important directories’ could be everything on a Windows machine: the registry, C:/Users, C:/Program Files, C:/AppData, etc.

I’ve spent hours looking at all folders on the image but still haven’t got the slightest clue of where to look…

We’ve even discussed a tool that may or may not have had an issue (it doesn’t if you use the correct flag) which should be a fairly big hint as to what files have been obtained to get info from

If you’re really struggling then PM me and I’ll help you further but I don’t really want to say on here because it’s difficult to do that without spoiling it for others.

@Rayteur said:
I have no idea where I need to search for the user’s password; I spent so much time enumerating. Can someone give me a nudge in PM?

Where would you search for passwords on a Windows machine? Google where it might keep them.

I found the file but I can’t get the password.

For the user password, try to google some basic methods of extracting NTLM hashes from the Windows registry. This is not specific to this box; those things are basic knowledge for pentesting.

Got root, that was a fun box, thanks @L4mpje ! More realistic than most of the ones recently. It took learning a couple of tools, but everything is easily researchable. There are plenty of hints in this forum to get both user and root. Don’t overthink!

That was fun, Thanks to @Cybeernoob who confirmed I was on the right path.

MODS - Feel free to edit this if it’s too spoiler-y…

If you do have to go to a Windows VM be careful of the OS, I could not get the final step to work under W10, but as soon as I moved to a W7 VM the same steps worked first time.

Happy to nudge people if needed…

Re Windows VM versus Linux / which Windows version etc:

In cases like this, I use socat to forward only the relevant port(s) from Kali to a Windows box. So I can use Kali tools in parallel, for investigating other stuff while using Windows tools only when absolutely needed.

Windows 10 worked fine for me for ‘reading the large file’.

Any idea why I can’t download the large file? It keeps cutting me off at around 400MB of the file because of an error? (using Kali, not Windows)

Finally got root with assistance of Damedrewby and Last0x00… Very nice learning experience.

Hello, how do I run this box? Just only the IP, or do I need to install some stuff?

Anyone else have their Windows VM crash when trying to mount the vhd?

@hxmo said:
Any idea why I can’t download the large file? It keeps cutting me off at around 400MB of the file because of an error? (using Kali, not Windows)

You don’t have to download the vhd image. On Linux you can first mount the SMB share and then locally mount the image file in the SMB share.