still on my road to foothold: so far I’ve found a bunch of users. got a password for one of them. that led me to some kind of config file with a “password” for CSh . The port looks like it is LP
Any hints for using/cracking this? or is this a rabbit hole?
Any hints for using/cracking this? or is this a rabbit hole?
Not a rabbit hole really, but you might want to avoid focusing on what service you think should be running on the port. As far as I am aware, it isn’t.
You need to dig into more of the files around where you found that hash. Read them in detail and check what they point to.
If you find one mentions a place you can access, access it and enumerate more. Here you can understand enough to turn the hash into something you can actually use.
rooted. Not entirely sure how I feel about it, I think it would be less tricky if the breadcrumbs were not so well hidden.
+++
Okay so I’ve had a night to sleep on it. I believe that each step is not really that hard, that said as a programmer, the compiling running and reversing executables is quite straightforward and there are tools that make it super simple.
My issue is still that the clues were really hard to find.
in summary I think this is a good box, but probably not easy
Initially did it with unintended method but I’m glad I re-did it with intended. Learned some new Windows stuff I never knew even was possible.
As others have said, I definitely feel this box deserves a higher difficulty rating. For me it was a bit similar to Obscurity so I would give it a Medium.
You need to dig into more of the files around where you found that hash. Read them in detail and check what they point to.
If you find one mentions a place you can access, access it and enumerate more. Here you can understand enough to turn the hash into something you can actually use.
in one of the files there are paths to a dir I can’t access yet. I overlooked something, I guess Will try harder …
Finally rooted the intended way, superb box @VbScrub! As people have mentioned would definitely classify this as a medium, but it is definitely one of the more fun and rewarding boxes I have pwned. A variety of skills are required, and you might have to brush up on some knowledge as well. You’ll learn!
User: Don’t worry about poppin’ shellz, that’s not happening until root. Read everything carefully. If you think a room is too dark to go in, keep going! (But careful reading might get you your flashlight). The last step to user requires some skills that hide in the author’s name.
Root: The file you find is obviously interesting, but where are Are Dis Stuff?? Once you got access to the service, you unlock some cool functionality. Don’t stray too far - and don’t forget what you’ve seen. Combine this with what you had before and profit!
So I found a temp username and password but when I try to use it I get a “Failed to connect with smb1 – no workgroup available” error. A nudge would be appreciated
Hi, I am at this point. I login with this user. And I it works with other connection native in Windows (not sure what can we reveal here). But I am a bit stucked because I am new and I don’t know taking advantage what I found. Anybody do it via bruteforce techniques?