Bastion

Looking for a hint on mounting the share. Tried mount and guestmount without success

got user…any hint for root? no clue where to begin

Type your comment> @B3LL4T0R said:

Guys I found the RCE!

@Xess said:
Finally rooted! Got user through kali then root partly through Windows… would love to know how to do root purely in kali, if anyone has done it that way i’d be interest to know how! :slight_smile:

how did you got the root ?? i am new in this so help me

Can anyone help me with user? I can’t download the vhd files, whenever I try the connection just drops

Just finished it up, very fun box and felt very similar to some pen tests I have done. Shoot me a DM if you are stuck!

ROOTED !!

Learned a few things…
PM me for hints.

Allright i am sorry but i am stuck with the VHD files , don’t know what to do with them, yes i have got them but i don’t know how to extract any useful thing from them,any nudge in the right direction will be appreciated

Type your comment> @loln00b said:

Rooted the machine. Getting user was a lot harder for me then root. If you need assistance feel free to PM me on here or on Discord.

Hints for this box:
User - Enumerate, no need to transfer, well known tool for mounting guests, get files pertinent to windows general security, extract what you need from it

Root - Find unique program with well known vulnerabilities, get what you need from it and bite the bullet and use a Windows VM matching environment as close as possible.

was wondering if someone can help me with qemu part… I am able to mount it. I see it in fdisk, but I can’t mount the nbd

Type your comment> @barondune said:

was wondering if someone can help me with qemu part… I am able to mount it. I see it in fdisk, but I can’t mount the nbd

I found the issue. For those of you not able to find nbd0p1 when attempting to mount, use " sudo postprobe " (just like that)

I used it before and after the qemu-nbd not 100% sure but it looked like the after one worked.

Sudo postprobe will create the ndb0p1 amd you should be good to continue as normal. Its a bug in newer debian kernals. (I had the issue on both kali and slingshot vm)

I can not mount the image even if it appears on the fdisk, if someone gives me a hand I will thank you very much

got user. i’m working on root !

PM for user hints !

ROOTED: without Windows VM and without the java code, just some good lines of python are enough.

Finally, I got rooted! Thanks, @L4mpje for your creating the one awesome window machine. I’ve learned window pentest skill. Can’t wait for the @ippsec video or @0xdf walkthrough to see a different way to do this machine. If you got stuck PM feel free to me. :slight_smile:

Just rooted, anyone up for a discussion on their approach. Would like to know more from people who have rooted only by linux and if someone went from root to user instead of user to root.

Type your comment> @diable said:

Just rooted, anyone up for a discussion on their approach. Would like to know more from people who have rooted only by linux and if someone went from root to user instead of user to root.

Same here, if anyone rooted without using the “oficial software” , lets talk, i want learn =))

Anyone needing help, feel free to pm me.

Nice box. Root part with the help off a Windows VM.
Wondering indeed if that would be possible using Linux

so many people who do not use windows as a host? It’s pretty easy and oscp-like from windows :slight_smile:

scrap that, got the hash worked out