Bastion

This is my very first box and I’m stuck. I’ve gotten the user flag, and have been trying to get root for hours now. The exploit I thought was going to work isn’t giving me anything back. Anyone want to shoot me a DM or anything to get me going in the right direction?

Hi, this is one of my first boxes and I learnt so much thanks to @L4mpje! Now I got User and I’ve been working on root for a while. I’ve enumerated and found the right exploit to use, I think, and found a Ruby script, but I cannot get it to work the way I want it to. Could someone give me a little help?
Thank you!

Can someone PM me? I got the VHD and mounted it, but the hashes don’t seem to work.

Can someone PM me about what I do after JTR has cracked the hashes?

Edit: Use HashKiller and it will solve your problem. Got user onto root

Edit2: Got root. PM if you need help.

OK, I have user but I’m really stuck on root. I’m almost sure what the app is, but I can’t find any exploit.

YEEEEAH, I got root! Thanks everyone for the tips. And thank you @L4mpje for my first box on the site, it was 2 days of pure fun.

Root taken! It was not difficult, because I have met such a situation in reality! Thanks for the box @L4mpje!

I can’t decrypt the rooted password, the script shows me an error. Any hints and advice?

Please, can anyone help me with mounting? I can mount a folder from the server, but I can’t mount the .vhd file. I have visited a lot of websites about “how to mount vhd”, but nothing helps. I really need your help!

I’m currently stuck on obtaining root. I know that it has something to do with mR*****N* app and I know where the CC.xml is located. The problem is decrypting the root pass. I know there’s a decrypting tool but not sure why it will not decrypt it. I would greatly appreciate the help!

Edit: I got root! This was a good box!

@loool said:

I can’t decrypt the rooted password, the script shows me an error. Any hints and advice?

Check the options of the script, you either use f or s, you will get it

Would somebody be willing to provide me some help? Please PM me! Thanks

Could someone help me with the last step to get the admin pass? I have the file but don’t know what to do with it.

Finally got this one, with the help of the forum hinters of course, so thank you all!!
This was another great learning experience, with a few alternate solutions to go back and practice using tools on, so a big thanks to @L4mpje as well for making it!!

Thanks @L4mpje for a great first box and thanks for all of the hints on this forum! Definitely had a few /facepalm moments but an invaluable experience for my first foray into Windows enumeration. Feel free to PM me with any questions.

@ktlcatr said:

I got user.txt and root.txt
It’s a very instructive machine

Can you give me a hint?
I found the VHD file.

@hackgineer said:
Finally got this one, with the help of the forum hinters of course, so thank you all!!
This was another great learning experience, with a few alternate solutions to go back and practice using tools on, so a big thanks to @L4mpje as well for making it!!

Hint please, what comes after finding the VHD file?

Thanks @L4mpje, this was a nice box, certainly felt like a real world scenario.

Just to add, it can be done with Kali only; you don’t need a Windows host to help. You just need to find the right tool(s) to use at each point.

Hint for root: the exploit for m*****g doesn’t work for me. I took the hash and applied manual decryption; you only have to read and understand the code in Python.
PM me if you are stuck.

@ktlcatr said:

I got user.txt and root.txt
It’s a very instructive machine

Hint please, what comes after listing all installed programs in the VHD?

@JolIg0n said:

I have got user and I can connect to the machine and see the vulnerable application. I have found how to exploit that vulnerability, but to run the exploit I need a Meterpreter session, and this is where I am having problems: from msfconsole, when I try to convert the SSH session it does not convert, and I do not know what to do anymore. If I upload a backdoor to execute it from the SSH session, it does not connect either. Could someone send me a private message, please? I do not know what I am doing wrong.
I also got the Ruby file and copied it to my computer, but it gives me an error when I run it with the ruby command.

Can you tell me the vulnerable application in a PM?