Bastion

Rooted. I’ve wasted much time in getting root.

USER: It’s easy if you know to use a specific related to Windows registry.

ROOT: It’s easy when you have already discovered that stuff, but meanwhile you can break your brain till do it. The biggest hint I can give is, forget keep tracking the registry files because you won’t find anything relevant and you could waste a lot of time looking those files from ■■■■.

I read through most of this thread when I was stuck getting the user’s password and saw a lot of people mentioning just getting the S*M file and brute force cracking the password hash. That seemed a bit weird to me, as it could take a very long time (I tried normal password lists and got nothing) and I assumed this is probably not what the creator intended us to do. So I did a bit more digging and found the user’s password somewhere else, that did not require a dictionary or brute force attack. I won’t spoil anything, but just wanted to post this in case other people are bored of trying to just brute force crack an NTLM hash like I was.

Rooted and User-ed! 1st HTB box down! Can do the whole thing in Kali Linux, and a great many of you are on the right track - have been using this thread to see if I was going off on a tangent.

My first Windows Box and even a nice one. Thanks, was fun!

Make sure to activate the Virtualize Intel VT from your CPU in the VM Settings otherwise you can’t mount inside kali another thing.

USER complete, been working on ROOT now for 2 days. I see the m******** app but the only thing I can find to exploit the monster is MSFCONSOLE. This being said, rev shell is not giving feedback unless I am on normal s** session. I have googled ways to achieve what m******* gives you but the only thing I can find is darned msf. Any assistance to do this without msf would be fabulously appreciated! Thanks all!

root@10.10.10.134#whoami
root

Bastion completed …Don’t hestiate to ping me.I am always for helping

Rooted in Kali. I would advise to try and use a Linux machine only, to practice mounting. That’s the hint for the user.
As for root, check the programs installed and then Google it.

I can confirm that you can root this box without a Windows VM (unless you don’t use Windows at all). I used Kali and then my fully patched Windows 10 desktop and that was all.

Great box. Very realistic :slight_smile:

I use ‘guestmount’ some.vhd file from /B****ps to ‘/mnt/vhd’ but I don’t see anything. Can anyone help me?

I mounted wrong vhd. so I’ll do next step.

Can anyone help me out with the initial enumeration? I can’t seem to properly look into the S** service as expected. Probably doing something silly.

edit: nvm, i was being dumb

Hi all.
this was my first box and it took a while but I gained user/root eventually. Just wanted to say thanks to everyone in this discussion. I needed a little nudge to pull me out of the rabbit hole when it came to gaining root.

much appreciated
Thank you

Type your comment

First box ever, been trying to brute force the ssh login with wordlist any hints? will be appreciated.

Is the Bastion box down this past couple days? I haven’t been able to access it with nmap, nor will it mount the network or the vhd.

Alright, day 4 of privesc and I am really missing the nail here lol. I am lost on how to utilize the .py apps to dump the hashes out of r*****n and at this point Im not really learning. If anyone could please PM me a hint as to whether or not I need to move in a diff direction or if Im on target and just need to try harder!
THanks!

Rooted. I used Kali and and my host Windows machine.

If anyone needs a hint let me know.

Can anyone help me with the initial enumeration? Found the ports, and the services running. I tried looking into s** but i am just stuck. I have looked into creating n*** sessions but I am not sure where I am going wrong.

what do i do when im in desktop ?? sorry for stupid question :pensive: