fucking awesome machine. I learned a lot!!! This was painful, but it was cuz I’m windows noob
My hints:
for user try to play with cookies, I think some has released an exploit (is new)
Them play with the wonderful fruit
Root: this was my fucking pain. Whatever you are doing, don’t use you the shell that you got (I know is strange)
Thanks for this. I have to many question about the creation process for this box. I would like to know how did you do everything, if anyone can tell me, It would be appreciated
Apparently I’ve gone a couple miles down the unintended path. I don’t see any way forward that doesn’t involve targeted hash cracking. There are enough hints for that to be viable, I’d think, but it hasn’t gotten me anywhere. Maybe I overlooked something in the mountains of mimikatz documentation. I dropped a forensics lib to read the raw flags. I was hoping to get the metadata, but it only returned the contents. I think that should count, since I technically have the flags.
I saw where @egre55 was doing some things with calc.exe, so I’m wondering if a custom exploit is intended, though I don’t see how it could help me now. I guess I’ll go back to the users, since they each seem to have a purpose. I would like to know if the remoteaccess site is involved. A couple open ports make me think it might be, but I haven’t seen anything else to support it. Alright this stream of consciousness has gone on long enough. good talk
Totally stuck as NT auth shell. tried all kinds of mimikatz trick, not getting anything. Have some idea as to whats going on , E*S .Always lacking one/two component to decrypt something crucial to decrypting the next step/cred/cert…, any hints?? Its fun running all kinds of tools on this machine though
Stuck after decrypting a****-p***.xml. I was able to read that file, which results in a very long string. Someone suggested using PSCrl / SeS*g . Been having trouble using the content of that file to do anything. Anyone know the syntax? pm, thx
I was afraid of this box because it is red. And after start I had hard time on the most step in spite of all hints. But after rooting I say that it is real box with real-case situations.
It is very stable and it allows get additional hints from the result of work of other hackers.
And that is why it defenitely is worth the force and the time.
Rooted and got user! Holy ■■■■ I’m sure I didn’t do this the intended way because I f***ed this box HARD to get that to work. Hahaha. Okay, time to reset before anyone notices.
I have administrator hashes, can pass the hash with psexec but I cannot read the root.txt or user.txt. I see the XML file but having problems decoding it. I am on the file system looking for something to get/do. I would appreciate a hint int he right direction.
Congrats to @egre55. Solid box. I haven’t solved it yet, but I am determined to! Currently stuck after getting read access to the xml file. Probably should find a way to make that information useful, but I have run through all my ideas and need to seek guidance on where to go next.
Totally stuck with getting normal login done. Cannot find a way in this box. I know it sounds weird, but I think I know where to go, but do not know how.
If anyone can help me with reading flags, please PM. I’m able to login with two different users, but cannot read certain files. Any help is appreciated!