Bastion

hint root: The exploit for m*****g for me doesnt work, I took the hash and applied manual decrypt, only you have read and understand the code in python
let me PM if you stuck

Type your comment> @ktlcatr said:

I got user.txt and root.txt
It’s very instructive machine

hint plz after listing all installed program in vhd> @JolIg0n said:

I have got the user and I can connect to the machine and see the vulnerable application, I have found how to exploit that vulnerability but to run the exploit I need a session in meterpreter and this is where I am giving problems, from msfconsole if I convert the one I do with the ssh does not convert and I do not know what to do anymore, if I upload a back door to execute it from the session ssh does not connect me either, someone who can send me a private please do not know what I do not do well
I also got the ruby file and I copied the file to my computer but it gives me an error when I pass the ruby command

can you tell me vulnerable application in PM?

Type your comment> @Kwicster said:

Just rooted. Running this root in a Windows VM or machine makes it pretty straightforward. Not actually sure if there is a way from a Linux box. No cracking needed fyi

I mount vhd file and list all installed programs can you u give me next hint ? SA* file matter ?

666 replies

nice…

finally got root after a couple of rabbit holes. learned a lot doing this all in Kali. I’m curious to know if there was another way to get root. I really thought 1 of the rabbit holes was promising.

Can anyone PM if they know?

Type your comment> @Blu3wolf said:

Type your comment> @dajukeboxhero said:

I am at a complete loss. I have access to the file i need to decrypt to get the admin info. i can see what i need to decrypt but the process is horrible. I’ve spend two full days trying different things and i can’t get it to work. can somebody please help push me to the right direction because i’ve downloaded the program but it won’t let me switch the files out and i have no way to decrypt it on kali even though i’ve been trying. any help would be appreciated.

if you using Kali there 2 tools that can help you:

  1. Ha** ID
  2. J*** The R*****
    check your syntax maybe you got it wrong.
    in that Note Thanks to @L4mpje for great machine i learn some new stuff.
    it wasnt easy but after you understand it you will laugh how easy things can be !
    the answer for start attacking just in front of you after Nmap just read the all resaults !
    syntax syntax and again syntax…
    google + reading resualts will make your life easier !
    User : i got some help with the syntax and got it.

Root : with the user you can see a lot just basic windows programs nothing else . (Hint)

if you got stuck PM i will help.

which basic program? SA*??

which basic program? SA*??
is it basic program SA* ? its file…the answer is inside the quote just take a step back and read it…

unable to locate package libguestfs-tools . error need help in Bastion Machine

Got root

User through windows, just because it’s easy to mount .***

No windows needed for root

Guys, After finding c*******.X** file, what’s next?
I have tried two scripts, but no luck!!!
Any nudge will be highly appreciated!

I’m having script issues and getting a MAC error. I think I know what I am missing but I am receiving connection errors from the server.

  • Achieved root without using the script. Would appreciate any assistance on what caused the MAC error though.

Can anyone give me a hint about user about pass lenght, I’m cracking the password and already at 12 letters. Am I doing something wrong?

Finally done with it. Rooted in Parrot Sec . Lost a lot of time not using s** . And had to learn how to search in CMD.

Rooted! Really awesome box, and first attempt at Windows box. feel free to pm if you need a nudge!

great Box!! Learned allot. i was able to get user and root 100% using linux. never had to spin up a windows VM.

I have mounted those files in linux machine but can’t find user.txt in the Desktop. Please help me

This box is awesome and amazing, learned lot of things about mounting remote drive to local filesystem.

@Azeroth, you won’t find it there. There is another couple of steps before you get there.

Scored root on Bastion. If anyone needs a nudge, PM me.

Hint: Enumerate, Enumerate, enumerate.

See which users are on the box, what is installed, and what is running. Go snooping from here.

This box has been more entertaining than I thought, thx so much @L4mpje

  • User hint: A proper enumeration should lead you to the right “path”, but sometimes you can take the path

  • Root hint: Google is your best friend in these cases, being a simple box you don’t have to get dizzy

PM me in case you need some hints, GL&HF everyone !