Nest

Type your comment> @VbScrub said:

@z3r0shred said:

This box is amazing! Really love it! Good job on this pal! and yeah, i’m stuck on that file you’re talking about xD, trying my best rn hahah!

Glad to hear you’re doing it the intended way :slight_smile: oh and someone else confirmed that part can be done from Linux

I hope so, hahaha!

News from the Discord is that a patch is being worked on. Those who want to do it the intended way can either try to stay away from things that clearly look like a mistake or wait trying to pwn the box until tomorrow.

At the very least please don’t do it the unintended way and then leave a 1 star “lol 2 ez man this sux” rating…

Services don’t even reveal anything at this point. Have tried switching servers. I can see the open ports, but enumeration displays everything as closed or broken. Going to wait until tomorrow. What a shame.

Edit: Box was hosed. Go easy, people…

Was an easy box but i was st struggling because of my own non-experience sh*t but squid22 helped me a lot and that machine taught me lot of things.

ok I know that some ppl rooted the box with an unintended way, but I just got root without even exploiting anything!
I was just enumerating, no metasploit or any other attack tools of any kind, just basic enumeration.
Am i missing something?

Spoiler Removed

got root but didnt find user flag lol

So I found a temp username and password but when I try to use it I get a “Failed to connect with smb1 – no workgroup available” error. A nudge would be appreciated

ok I know that some ppl rooted the box with an unintended way, but I just got root without even exploiting anything!
I was just enumerating, no metasploit or any other attack tools of any kind, just basic enumeration.
Am i missing something?

Confirmed that this is the same “exploit” other people have been using to do it the unintended way.

Basically the ACL on the service control manager has somehow gotten messed up and is allowing all users to create system services. Already got a fix for it and just waiting for it to be applied and rolled out across the servers

@clubby789 said:
Anyone having trouble with the high port:
NC doesn’t work (who knows why). Use telnet

Weird. It works with both putty and telnet perfectly fine

so is the file in d***\I*\Co***\RU******r some new hash?

what do you mean by “new hash”? Its an encrypted password. Its up to you to find out how to decrypt it :slight_smile:

Type your comment> @VbScrub said:

what do you mean by “new hash”? Its an encrypted password. Its up to you to find out how to decrypt it :slight_smile:

that’s what I was hoping and not some rabbit hole :slight_smile:

Late to the game, is the box patched yet ?

Found that password hash and trying to figure out what to do with it…

got that unintended way, sorry for that … but remember young padawans, this is the path to the dark side…

anyway, i’m on my way with the intended way, go user pass so far :slight_smile:

Is the high port needed for initial foothold/user? so far all i’ve done is enumerate some users on the obvious service and get access denied everywhere. hints are welcome :slight_smile:

Got user intended method, really interesting!

Spoiler Removed

Thx for responding to all our questions on here btw. Massive respect dude !

@VbScrub said:

Again apologies for this being such a messy launch.

Don’t beat yourself up about this - it’s not the messiest launch I’ve seen. It’s easy to avoid the “Unintended” methods and if you do, it’s fairly fun.