Nest

ok I know that some ppl rooted the box with an unintended way, but I just got root without even exploiting anything!
I was just enumerating, no metasploit or any other attack tools of any kind, just basic enumeration.
Am I missing something?

Confirmed that this is the same “exploit” other people have been using to do it the unintended way.

Basically the ACL on the service control manager has somehow gotten messed up and is allowing all users to create system services. Already got a fix for it and just waiting for it to be applied and rolled out across the servers
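
An audit check for the misconfiguration described in the post above, added here as an example; it is not part of the thread or of the box author's fix. It parses the SDDL string printed by `sc sdshow scmanager` and reports allow ACEs that give broad groups the create-service right. The sample SDDL strings and the function names are constructed for illustration, and deny ACEs are not evaluated.

```python
import re

# SDDL right codes -> access-mask bits. On the SCM object the low bits are
# SC_MANAGER_* rights: CC=CONNECT, DC=CREATE_SERVICE, LC=ENUMERATE_SERVICE.
RIGHTS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
    "KA": 0xF003F, "KR": 0x20019, "KW": 0x20006, "KX": 0x20019,
}
# SC_MANAGER_CREATE_SERVICE, plus GENERIC_WRITE / GENERIC_ALL, which the SCM
# maps onto masks that include it.
CREATE_BITS = 0x2 | RIGHTS["GW"] | RIGHTS["GA"]
# SDDL SID aliases that cover most or all logged-on users.
BROAD = {"WD": "Everyone", "AU": "Authenticated Users", "IU": "Interactive",
         "NU": "Network", "BU": "Builtin Users", "BG": "Builtin Guests",
         "AN": "Anonymous", "DU": "Domain Users"}

def parse_mask(rights):
    """Turn an ACE rights field (two-letter codes or a hex mask) into an int."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for code in re.findall("..", rights):
        mask |= RIGHTS[code]  # KeyError on an unknown code: review by hand
    return mask

def risky_scm_aces(sddl):
    """Return (principal, mask) for allow ACEs that let broad groups create services."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        ace_type, flags, rights, _obj, _inh, sid = ace.split(";")[:6]
        # Keep only allow ACEs that apply to the object itself (not inherit-only).
        if ace_type != "A" or "IO" in re.findall("..", flags):
            continue
        mask = parse_mask(rights)
        if sid in BROAD and mask & CREATE_BITS:
            findings.append((BROAD[sid], hex(mask)))
    return findings

# Constructed samples, not taken from the box: a restrictive DACL and one
# where Authenticated Users also hold DC (create service).
TIGHT = "D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)"
LOOSE = "D:(A;;CCDCLCRPRC;;;AU)(A;;KA;;;BA)"

if __name__ == "__main__":
    for name, sddl in (("tight", TIGHT), ("loose", LOOSE)):
        print(name, risky_scm_aces(sddl) or "no broad create-service grant")
```
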

@clubby789 said:
Anyone having trouble with the high port:
NC doesn’t work (who knows why). Use telnet

Weird. It works with both putty and telnet perfectly fine

so is the file in d***\I*\Co***\RU******r some new hash?

what do you mean by “new hash”? It's an encrypted password. It's up to you to find out how to decrypt it :slight_smile:

@VbScrub said:

what do you mean by “new hash”? It's an encrypted password. It's up to you to find out how to decrypt it :slight_smile:

that’s what I was hoping and not some rabbit hole :slight_smile:

Late to the game, is the box patched yet ?

Found that password hash and trying to figure out what to do with it…

got that unintended way, sorry for that … but remember young padawans, this is the path to the dark side…

anyway, i’m on my way with the intended way, got user pass so far :slight_smile:

Is the high port needed for initial foothold/user? so far all i’ve done is enumerate some users on the obvious service and get access denied everywhere. hints are welcome :slight_smile:

Got user intended method, really interesting!

Spoiler Removed

Thx for responding to all our questions on here btw. Massive respect dude !

@VbScrub said:

Again apologies for this being such a messy launch.

Don’t beat yourself up about this - it’s not the messiest launch I’ve seen. It’s easy to avoid the “Unintended” methods and if you do, it’s fairly fun.

guess i am on the list of unintended as well. i thought i was doing so well. we will see how it goes tomorrow when i try again?

NT AUTHORITY\SYSTEM

@VbScrub don’t worry about it too much mate, if you’ve learned anything from this experience then no stress

Any hints on how to decode this weird base64 hash?

rooted!!! hit me up for nudge

the hash is definitely encrypted not encoded so there has to be some hint out there…

@facelessCoder said:

rooted!!! hit me up for nudge

I presume you speak of intended way

@edspiner said:

@facelessCoder said:

rooted!!! hit me up for nudge

I presume you speak of intended way

I’ve messaged him to ask haha cos so far I’m not sure if anyone has actually done it the intended way. There’s a couple of people that are close, going by the messages they’ve sent me, but no one confirmed they’ve got to the end yet.

@VbScrub said:

@edspiner said:

@facelessCoder said:

rooted!!! hit me up for nudge

I presume you speak of intended way

I’ve messaged him to ask haha cos so far I’m not sure if anyone has actually done it the intended way. There’s a couple of people that are close, going by the messages they’ve sent me, but no one confirmed they’ve got to the end yet.
Sampriti said he did both parts properly