Nest

Type your comment> @asteer1 said:

Type your comment> @Boomer697 said:

(Quote)
this box was my first time looking at a vb code and i got the user in 2 hours

Managed to figure it out in the end with some help, call me a noob but that did not come easily lol

OK, done the “right” way, now. That was not easy. Not for me. But it was fun! Props to the creator! @VbScrub

still on my road to foothold: so far I’ve found a bunch of users. got a password for one of them. that led me to some kind of config file with a “password” for CSh . The port looks like it is LP
Any hints for using/cracking this? or is this a rabbit hole?

@theonemcp said:

Any hints for using/cracking this? or is this a rabbit hole?

Not a rabbit hole really, but you might want to avoid focusing on what service you think should be running on the port. As far as I am aware, it isn’t.

You need to dig into more of the files around where you found that hash. Read them in detail and check what they point to.

If you find one mentions a place you can access, access it and enumerate more. Here you can understand enough to turn the hash into something you can actually use.

someone for a little nudge??

rooted. Not entirely sure how I feel about it, I think it would be less tricky if the breadcrumbs were not so well hidden.
+++
Okay so I’ve had a night to sleep on it. I believe that each step is not really that hard, that said as a programmer, the compiling running and reversing executables is quite straightforward and there are tools that make it super simple.

My issue is still that the clues were really hard to find.

in summary I think this is a good box, but probably not easy

@kalitkd said:

someone for a little nudge??

Enumerate.

Type your comment> @TazWake said:

@kalitkd said:

someone for a little nudge??

Enumerate.

is not about that…

@kalitkd said:

is not about that…

But it was a little nudge.

Great box, thanks @VbScrub !

Initially did it with unintended method but I’m glad I re-did it with intended. Learned some new Windows stuff I never knew even was possible.

As others have said, I definitely feel this box deserves a higher difficulty rating. For me it was a bit similar to Obscurity so I would give it a Medium.

Type your comment> @TazWake said:

You need to dig into more of the files around where you found that hash. Read them in detail and check what they point to.

If you find one mentions a place you can access, access it and enumerate more. Here you can understand enough to turn the hash into something you can actually use.

in one of the files there are paths to a dir I can’t access yet. I overlooked something, I guess :smiley: Will try harder …

Finally rooted the intended way, superb box @VbScrub! As people have mentioned would definitely classify this as a medium, but it is definitely one of the more fun and rewarding boxes I have pwned. A variety of skills are required, and you might have to brush up on some knowledge as well. You’ll learn!

User: Don’t worry about poppin’ shellz, that’s not happening until root. Read everything carefully. If you think a room is too dark to go in, keep going! (But careful reading might get you your flashlight). The last step to user requires some skills that hide in the author’s name.

Root: The file you find is obviously interesting, but where are Are Dis Stuff?? Once you got access to the service, you unlock some cool functionality. Don’t stray too far - and don’t forget what you’ve seen. Combine this with what you had before and profit!

PM for nudges :slight_smile:

@theonemcp said:

in one of the files there are paths to a dir I can’t access yet. I overlooked something, I guess :smiley: Will try harder …

Make 100% sure you cant access it. You might be surprised.

Guys any hint how to decode that weird Base46 for C… user?

Type your comment> @ZeWanderer said:

So I found a temp username and password but when I try to use it I get a “Failed to connect with smb1 – no workgroup available” error. A nudge would be appreciated

Hi, I am at this point. I login with this user. And I it works with other connection native in Windows (not sure what can we reveal here). But I am a bit stucked because I am new and I don’t know taking advantage what I found. Anybody do it via bruteforce techniques?

@clubby789 said:
Got user intended method, really interesting!

What is intededed method? :slight_smile:

Finally rooted for second time :smiley:

I don’t know why the ‘chef’ can bake the first bread but not the second? I got weird result when bake the second bread.

The ‘basic’ online compiler somehow not worked for me.

So, because I don’t really familiar with ‘basic’ stuff, then I rewrite it into ‘sharp’ things, and it worked.

And I do it all in linux, btw.

Great box @VbScrub
Btw you are welcome.

EDIT:
The ‘chef’ actually can do the job for all cake. My mistake, pouring wrong ingredients.

Type your comment> @S4lem said:

Guys any hint how to decode that weird Base46 for C… user?

You should be able to find what this user has been working on - and if you don’t see something, it doesn’t mean it’s not there.

Rooted. Very good box. Not so easy for begineer especially with programming. Thanks you very much for this content, i learned very good things.

Spoiler Removed