Bastion


Comments

  • rooted. Thanks for all of the hints on the forums. Super thanks to kmahyyg!

    vldkak

  • rooted: good box need help pm

  • nice box. took a bit of digging, but got root and user from kali.

  • Was trying how to browse the files. Is it possible to view the files without using windows? Maybe kali?

    pzylence
    OSCP

  • @pzylence said:

    Was trying how to browse the files. Is it possible to view the files without using windows? Maybe kali?

    You mean vhd files?

    guestmount, google it (I don't want to spoil too much, but there is a Stack Overflow question with the right command).

    Then nautilus will let you browse them.

    Hack The Box

  • edited June 2019

    Got User (faced problems with samdump, as it dumps a blank password).

    For root I got the encrypted password from the config file, but can't figure out how to decrypt it.
    I tried to copy the xml to Windows and open it from the program and failed.
    I tried to decrypt the password using .rb and .js files found online but they fail with some error related to `final': bad decrypt; when adding padding it gives me rubbish characters.
    And I can't figure out how to create the jar file. I also tried the MSF exploit related to the application and it gave me nothing :anguished:

  • rooted thanks to 0xNoOne script

  • @vmonem said:

    rooted thanks to 0xNoOne script

    Glad my script helped you out! I faced the same issues as you with the Ruby script, since it was for decrypting an older version of mRemoteNG. So I decided to work on a Python script that would work on the version on this box.

    Here's the link to the script in case anyone else finds it useful:
    secret link

    Let me know if you notice any errors with the script, or if this post is breaking any rules :)

  • edited June 2019

    rooted thanks to 0xNoOne script

    Glad my script helped you out! I faced the same issues as you with the Ruby script, since it was for decrypting an older version of mRemoteNG. So I decided to work on a Python script that would work on the version on this box.

    Here's the link to the script in case anyone else finds it useful:
    secret link

    Let me know if you notice any errors with the script, or if this post is breaking any rules :)

    plaintext = cipher.decrypt_and_verify(ciphertext, tag)

    ValueError: MAC check failed
    @0xNoOne

  • Rooted this box - thanks for creating such an enjoyable box @L4mpje.

    I did this all using Kali and learned quite a lot of things that I didn't before I started so I've had to update my notes.

    User: It was straightforward but had a few issues getting older versions of samdump2 and bkhive installed to generate a file from S** and SY****.

    Root: This can be done in quite a few different ways, I did a few of them once I had got the flag for experience and note taking, a pretty worthwhile exercise.

    If you need any hints let me know.

  • edited June 2019

    Rooted, thanks @L4mpje for creating this box. Had a great time with it.

    I completed this without the need for a Windows VM, which was great. I had a similar issue, @gm0, but samdump2 can do everything bkhive could from what I found on the internet. So I was able to create the h**.txt with the files on the .vd. I've only rooted the box one way. *R*****NG was the way I got in. Would you mind PMing me the details of the other ways?

    As always, if anyone needs any help, drop me a PM.
    HF

  • @gm0 Samdump2 can do everything bkhive could from what I found on the internet. So I was able to create the h**.txt with the files on the .vd. I've only rooted the box one way. *R*****NG was the way I got in. Would you mind PMing me the details of the other ways?

    As always, if anyone needs any help, drop me a PM.
    HF

  • Guys, my command to get on top of the vhd horse is erroring out. Anyone to help?

    LordeDestro

  • edited June 2019

    I'm pretty stuck on this, wondering if anyone can help out. I've got the User credentials from the backup but can't find a way to use that towards actually getting User. I've used it to authenticate to R*C (via r*ccl**nt) but can't seem to actually do anything with that. Any pointers or nudges would be greatly appreciated.

    Edit: Got it, thanks for the PMs.

    Hack The Box

  • Really am dying on root for this one... any hints welcome... I think I've done all my brain could conjure up as far as priv esc... just need a nudge.. thanks.

  • Nice machine, really a lot to learn. Thanks to @HEXE and @Chrix87 for their help.
    Root is not complicated; I think getting user is not so easy, but I used only Kali.
    Thanks to @L4mpje

  • Hi, can anyone help me?

    I'm stuck. I mounted the vhd and searched inside but I didn't find anything useful.

    I don't know what else to do.

  • If I try to guestmount the B*****p nothing ends up in my local directory, any ideas?

    Feel free to PM

  • Ping me I have a doubt

  • @rheaalleen said:

    If I try to guestmount the B*****p nothing ends up in my local directory, any ideas?

    Feel free to PM

    You should guestmount the file, and not the B**** directory.

    I Love Ice Creams

  • I have a question, so I've mounted the VHD file using guestmount, then after that I've searched through the directories but so far I didn't find anything interesting. Any hint where I can find that "file"?

  • @M160 said:

    I have a question, so I've mounted the VHD file using guestmount, then after that I've searched through the directories but so far I didn't find anything interesting. Any hint where I can find that "file"?

    Someone already called this file USA uncle..

    Don't you know the USA uncle?

    Then google his location. If I remember, the VHD wasn't the only one; if you can't find the uncle here then try the other one.

    Hack The Box

  • @HEXE thanks, I got the creds and was able to go through :+1:

  • edited June 2019

    Big thanks to @0xNoOne and @L4mpje <3 . Rooted the box with pure Linux.
    Learned a lot here. My hints for the following:

    USER:
    The guy in the Transformers movie.

    ROOT:
    You have to find something here. Knowing the Windows command line will help you here.
    After that you have to decipher.

    :)

  • edited June 2019

    Got root! Thanks for all the hints to everyone in this thread and thanks to @L4mpje for this cool box. I thoroughly enjoyed this box... even through banging my head against the wall trying to figure out the next step. I really learned A LOT on this box.

    I'm also relatively novice when it comes to this, so any new members here's some hints I wish I could have gotten:

    For user: You need to understand how a password is stored on a system, look this up first. There is a program that you can use afterwards that will help you further that you will probably have to download. Google for cracking stored NTLM passwords or something along these lines - Hope this isn't too much of a hint, remove if necessary

    For root: Don't get hung up on what you are more than likely hung up on, if it doesn't seem right it probably isn't. Google everything you find on this system and it will jump at you like a spider monkey. Also always remember dir doesn't always list all the directories.

    Edit: PM if you need help. I don't bite.

  • Whoever completed Bastion, please ping me. I have a doubt about it.

  • Wow. Ended up using windows at the end there. I have an idea about how to do it without it, might try it for kicks later.

    User did with Kali entirely. Gotta learn about what the tastiest files to grab from a windows machine might be in order to get user.

    For root.. find that non-standard thing installed and google a bunch. Then maybe hop on your windows box..?

    DM me if you need a nudge. lmk where you're at.
    Also DM if you did root without windows, want to confirm if I know how you did it.

    rub1ks
    Find me on Discord: rub1ks #4045

  • Nailed user, Onward and upwards to root!

  • @juggydancesqd said:
    Nailed user, Onward and upwards to root!

    And rooted! good fun this one, Give me a nudge if you want a hint

  • Having issues mounting .vhs files; it seems like guestmount stays on "supermin: ext2: copying files from host filesystem"
