Nest

I hate this one. I’m quite bad at Windows, but I’ve completed machines like Forest. This one I’m not having fun nor getting anywhere.

Hi all,
Can anyone PM me to help on cracking stuff? Currently I got the string and I know what exactly that I have to do with the corresponding stuff, but I just don’t have a windows machine and I cannot successfully execute the stuff on my linux, would be great if someone can share the way to successfully get the output.
Thanks

How does one crack the admins password? ne1 pm?

I found something, which can be used for the last step, but actually it is nothing. Is it a rabbit hole?

Type your comment> @TazWake said:

@Mouuzartt said:

sooo what sohuld i use instead of ssh to get inside the machine? because i tried to install from github psexec.py but it is giving me a fatal error: repository not found and im getting rly frustrated because this was going to be my first machine being solved, but it looks like is not going to happen. pls help me out

First off, you need to have run nmap or something similar to determine what ports are available.

This tells you what you can use and would have saved you a lot of time by showing there was no SSH service listening.

How did you find the username and password which you tried to use over SSH? Because I would suggest that might be a good way to maintain access.

As for the other port, the thread here suggests using telnet rather than netcat.

i used nmap yeah but forgot that couldnt use ssh if wasnt there, mb. I found the credentials using smbclient and then navigating through the files, but now idk where to use the credentials, thats my only problem now

@TazWake said:
@Mouuzartt said:

sooo what sohuld i use instead of ssh to get inside the machine? because i tried to install from github psexec.py but it is giving me a fatal error: repository not found and im getting rly frustrated because this was going to be my first machine being solved, but it looks like is not going to happen. pls help me out

First off, you need to have run nmap or something similar to determine what ports are available.

This tells you what you can use and would have saved you a lot of time by showing there was no SSH service listening.

How did you find the username and password which you tried to use over SSH? Because I would suggest that might be a good way to maintain access.

As for the other port, the thread here suggests using telnet rather than netcat.

And i already tried telnet, but it just keep saying trying to connect and then it times out

Type your comment> @Mouuzartt said:

@TazWake said:
@Mouuzartt said:

sooo what sohuld i use instead of ssh to get inside the machine? because i tried to install from github psexec.py but it is giving me a fatal error: repository not found and im getting rly frustrated because this was going to be my first machine being solved, but it looks like is not going to happen. pls help me out

First off, you need to have run nmap or something similar to determine what ports are available.

This tells you what you can use and would have saved you a lot of time by showing there was no SSH service listening.

How did you find the username and password which you tried to use over SSH? Because I would suggest that might be a good way to maintain access.

As for the other port, the thread here suggests using telnet rather than netcat.

And i already tried telnet, but it just keep saying trying to connect and then it times out

Did you specify the port?

i used, “telnet 10.10.10.178 13531” because i found on the internet that this was the command. and the only port that i guet open on with the nmap it’s 445

@FLameDay said:
Type your comment> @Mouuzartt said:

@TazWake said:
@Mouuzartt said:

sooo what sohuld i use instead of ssh to get inside the machine? because i tried to install from github psexec.py but it is giving me a fatal error: repository not found and im getting rly frustrated because this was going to be my first machine being solved, but it looks like is not going to happen. pls help me out

First off, you need to have run nmap or something similar to determine what ports are available.

This tells you what you can use and would have saved you a lot of time by showing there was no SSH service listening.

How did you find the username and password which you tried to use over SSH? Because I would suggest that might be a good way to maintain access.

As for the other port, the thread here suggests using telnet rather than netcat.

And i already tried telnet, but it just keep saying trying to connect and then it times out

Did you specify the port?

oh, now i used the port after the ip and it says connected but when i type something just appear “connection closed by foreign host”

USER: completed.
ROOT: found the exe file, but not sure on how to use it, since I have not a shell on the machine (I took user flag through smbclient…)
furthermore, I have not found the high port, even after nmap/masscan… any hint?

Type your comment> @sniperhack said:

USER: completed.
ROOT: found the exe file, but not sure on how to use it, since I have not a shell on the machine (I took user flag through smbclient…)
furthermore, I have not found the high port, even after nmap/masscan… any hint?

how did u make that with smbclient. I already found some credentials on the Template, but idk where to use those credentials, can u help me out

@Mouuzartt sometimes it’s necessary to check all 65535 ports not just top 1000 :slight_smile:

Type your comment> @Mouuzartt said:

Type your comment> @sniperhack said:

USER: completed.
ROOT: found the exe file, but not sure on how to use it, since I have not a shell on the machine (I took user flag through smbclient…)
furthermore, I have not found the high port, even after nmap/masscan… any hint?

how did u make that with smbclient. I already found some credentials on the Template, but idk where to use those credentials, can u help me out

What about, you connect to open ports with these credentials.

I think I need debug password to read config file but how to get debug password when file is 0 byte long

Type your comment> @Cli3nt said:

Type your comment> @Mouuzartt said:

Type your comment> @sniperhack said:

USER: completed.
ROOT: found the exe file, but not sure on how to use it, since I have not a shell on the machine (I took user flag through smbclient…)
furthermore, I have not found the high port, even after nmap/masscan… any hint?

how did u make that with smbclient. I already found some credentials on the Template, but idk where to use those credentials, can u help me out

What about, you connect to open ports with these credentials.

due my question its only how! because i have no clue of how to connect, i already tried tellnet and it says connected, but then it just says somethinf like connection lost by remote host

Type your comment> @rholas said:

I think I need debug password to read config file but how to get debug password when file is 0 byte long

Stuck on the same step :slight_smile:

@Mouuzartt said:
Type your comment> @Cli3nt said:

Type your comment> @Mouuzartt said:

Type your comment> @sniperhack said:

USER: completed.
ROOT: found the exe file, but not sure on how to use it, since I have not a shell on the machine (I took user flag through smbclient…)
furthermore, I have not found the high port, even after nmap/masscan… any hint?

how did u make that with smbclient. I already found some credentials on the Template, but idk where to use those credentials, can u help me out

What about, you connect to open ports with these credentials.

due my question its only how! because i have no clue of how to connect, i already tried tellnet and it says connected, but then it just says somethinf like connection lost by remote host

You got user already? If not, then just leave the high port for the moment.

@Mouuzartt

due my question its only how! because i have no clue of how to connect, i already tried tellnet and it says connected, but then it just says somethinf like connection lost by remote host

try smbclient -h and check the options, you’ll figure out the syntax. If not google a bit :wink:

Type your comment> @rholas said:

I think I need debug password to read config file but how to get debug password when file is 0 byte long

exactly, I think that too.
We should be able to see files with that program, using that functionality… but we need THAT password, and THAT file is actually empty…

What can i do with those VB scripts ? can anyone give me a nudge?