Bastion

Currently stuck at mounting the the VHD. Based on some articles my command seems to be correct however it’s still failing to mount. I think it’s a problem with guestmount… Any help would be appreciated.

rooted. Thanks for all of the hints on the forums. Super thanks to kmahyyg!

rooted: good box need help pm

nice box. took a bit of digging, but got root and user from kali.

Was trying how to browse the files. Is it possible to view the files without using windows? Maybe kali?

Type your comment> @pzylence said:

Was trying how to browse the files. Is it possible to view the files without using windows? Maybe kali?

you mean vhd files?

guestmount, google it (I don’t want spoil too much, but there is a stackoverflow question with the right command)

then nautilus will let you browse them

got User (faced problems with samdump, as it dump blank password)

for root I got encrypted password from config file, but can’t figure out how to decrypt it.
I tried to copy xml to windows and open it from the program and failed.
I tried to decrypt the password using .rb file and .js files found online but fail with some error related to `final’: bad decrypt, when adding padding it gives me rubbish characters.
and I can’t figure out how to create the jar file. I also tried the MSF exploit related to the application and it gave me nothing :anguished:

rooted thanks to 0xNoOne script

Type your comment> @vmonem said:

rooted thanks to 0xNoOne script

Glad my script helped you out! I faced the same issues as you with the ruby script, since it was for decrypting an older version of mremoteNG. So decided to work on a Python script that would work on the version on this box.

Here’s the link to the script in case anyone else finds it useful:
secret link

Let me know if you notice any errors with the script, or if this post is breaking any rules :slight_smile:

rooted thanks to 0xNoOne script

Glad my script helped you out! I faced the same issues as you with the ruby script, since it was for decrypting an older version of mremoteNG. So decided to work on a Python script that would work on the version on this box.

Here’s the link to the script in case anyone else finds it useful:
secret link

Let me know if you notice any errors with the script, or if this post is breaking any rules :slight_smile:

plaintext = cipher.decrypt_and_verify(ciphertext, tag)

ValueError: MAC check failed
@0xNoOne

Rooted this box - thanks for creating such an enjoyable box @L4mpje.

I did this all using Kali and learned quite a lot of things that I didn’t before I started so I’ve had to update my notes.

User: It was straight forward but had a few issues getting older versions of samdump2 and bkhive installed to generate a file from S** and SY****.

Root: This can be done in quite a few different ways, I did a few of them once I had got the flag for experience and note taking, a pretty worthwhile exercise.

If you need any hints let me know.

Rooted, thanks @L4mpje for creating this box. Had a great time with it.

I completed this without the need for a windows VM which was great. I had a similar issue @gm0 , but samdump2 can do everything bkhive could from what I found on the internet. So I was able to create the h***.txt with the files on the .v*d. I’ve only rooted the box one way. *R*****NG was the way I got in. Would you mind PMing me the details of the other ways?

As always, if anyone needs any help, drop me a PM.
HF

@gm0 Samdump2 can do everything bkhive could from what I found on the internet. So I was able to create the h***.txt with the files on the .v*d. I’ve only rooted the box one way. *R*****NG was the way I got in. Would you mind PMing me the details of the other ways?

As always, if anyone needs any help, drop me a PM.
HF

guys my command get on top of the vhd horse is erroring out, Anyone to help?

I’m pretty stuck on this, wondering if anyone can help out. I’ve got the User credentials from the backup but can’t find a way to use that towards actually getting User. I’ve used it to authenticate to R*C (via r*ccl**nt) but can’t seem to actually do anything with that. Any pointers or nudges would be greatly appreciated.

Edit: Got it, thanks for the PMs.

Really am dying on root for this one… any hints welcome… I think ive done all my brain could conjure up as far as priv esc… just need a nudge… thanks.

Nice machine, really a lot to learn. Thanks to @HEXE and @Chrix87 for their help.
Root is not complicate i think get user it is not so easy, but I used only Kali.
Thanks to @L4jmpje

Hi, can Anyone help me?

I’m stuck, i mount the vhd and search inside but i didn’t find anything useful.

I don’t know what else to do.

If I try to guestmount the B*****p nothing ends up in my local directory, any ideas?

Feel free to PM

Ping me I have a doubt