Ethereal

@rewks said:
I’ve tried four different ways of creating m** files, and they work on my local Windows VM, but apparently when r**** checks them they do nothing - yes, I am doing something to them with the thing that can be found in the other folder/is referenced in his note.

The struggle is real. Would appreciate a hint.

I’m in the same boat. I think there is another piece missing to what needs to be done, but can’t quite get it yet.

I finally managed to crack it, what a ride. I certainly had to do a lot of research to root this machine. My experience can be summarised by “You think you know what you’re doing, but you don’t really. Go back to google.”

Frustrating, yet rewarding.

Greetings from the Jungle to all who dare to challenge Ethereal!

Is there anybody who has met “General Protection Fault” or “Page Fault” with p**x?
I’ve met. Any systems, any emulators, any version of additional library…

Have I to defeat it and run p**x to move further?
or debug it immediately (I can’t at the time)?
or leave it alone and look for other way?

@tabacci said:
Greetings from the Jungle to all who dare to challenge Ethereal!

Is there anybody who has met “General Protection Fault” or “Page Fault” with p**x?
I’ve met. Any systems, any emulators, any version of additional library…

Have I to defeat it and run p**x to move further?
or debug it immediately (I can’t at the time)?
or leave it alone and look for other way?

If the provided .*** isn’t playing nice, you could always look for an alternative for a more familiar environment.

@rewks said:

If the provided .*** isn’t playing nice, you could always look for an alternative for a more familiar environment.

The spice is that even the best friend environment spits an error and does not start .***
Maybe I have got a broken p**x because of some glitch in mounting the disk image or something else here.

I did not notice complaints about this error so thought that it is not common.
But now I see that it was not my environment problem, but part of the quest.

Traditional parting words:

About the Ethereal:
Extremely hard and interesting machine.
It will require many hours and efforts and skills.

About skills:
It is better to already have some experience in the fields.
If you did not study hard in advance, you will research on the fly.

for User: Advanced Tunneling Techniques in Windows
for Root: Desktop Software Deployment and PKI Tools

Awesome machine!!! My head has collapsed. Pls don’t ask me for help, need to do this machine 4 or five times more

Not sure if anybody can help me, but I’ve reached a stage with this box where I feel I’m really close to getting a foothold and just need a bit of a nudge!

I have gotten through to the stage where I can remotely execute very basic commands using the ping interface, but I am not really too sure which particular hole is the one containing no rabbits… Do I need to manipulate something that I know is likely to be clicked on…? Should I keep just trying to work out what I can directly run from there?

Any vague nudges would be appreciated, as this is driving me up the wall!

Thanks!

Stuck on RCE with ICMP. Seems like support is a rabbit hole too.

Is there a need for brute-force on any part of this challenge? I struggle with a basic auth, got some passwords and user names from pxxx but can’t use them here.

I’m quite stuck on RCE, only managed to get ICMP packets, my solutions to get more are failing. Would anyone care to give a little hint via PM? I suspect what it might be but don’t have a clue on how to check it.

Remove the comment if necessary.

@Skorn said:
I’m quite stuck on RCE, only managed to get ICMP packets, my solutions to get more are failing. Would anyone care to give a little hint via PM? I suspect what it might be but don’t have a clue on how to check it.

Remove the comment if necessary.

There’s a famous lookup service on UDP.

Started looking at this, hoping to get a toehold before it retires. I’m enjoying this one. It’s a trip down memory lane, for back when we would tie an onion to our belt.

I did a big facepalm when I realized there is no need to be all clever and deal with retro emulators for the p***.*** cracking step. Just look at what you’ve got and go get something that runs on Kali. Now let’s see if I can use what I found… yep. Another small step.

This was the most difficult box I’ve done on HTB tbh. I decided to write here after rooting that devil to mention two things that kept me looping around for a while. The first is… be sure to not mess with your “creations” (if you do then you must remove your “sign” and do it again). The second is that on the last step of this box you must be patient. The time to do the whole process is 5 mins, not less than a minute like a step to take user. So if you do all the steps just relax, sit down and wait. Great box overall, really enjoyed the struggle!

Need help with RCE. I am able to execute commands (like normally if you put your IP you will get 2 pings but I am able to do 4 more (Windows default)), tried downloading nishang InvokePowershell but I am not getting a reply back on my python server.

Any help on the RCE point? I am stuck at this point.

@limbernie said:

There’s a famous lookup service on UDP.

This really helped A LOT… Thank you!

Now, how can I get a shell from the system? It seems the filesystem is not writable. Any help?

Edit: got user a few hours before the box retires! This box is a b**** but it was totally worth doing even part of it. The hard work you have to put into this is mainly about researching and really understanding technologies. Also NOT OVERTHINKING THINGS… reuse and try the obvious… not doing these things sure wasted a few of my hours.

It also motivated me to learn a little more about my commonplace tools – like did you know that Firefox developer mode will save a request as a cURL command? I’ve also finally started to use tmux to real advantage (thanks @ippsec).

Thanks to the creators!

Doing Ethereal following 0xdf’s writeup. Stuck at the last step.
I thought there was a problem with the signature of my msi, but actually…
the file is not “consumed”
There should be a script (mentioned by 0xdf) at the end here:

that moves MSI files to a rupal directory before processing, every 5 minutes.
My msi stays under d:.… after 20 minutes and is not moved, so it’s not consumed.
How can that be possible? The msi should disappear from the d:.… folder and it doesn’t.
And I have already reset the machine and started from the beginning…

After one more reset it has just worked!