Nest

Type your comment> @S4lem said:

Guys any hint how to decode that weird Base46 for C… user?

You should be able to find what this user has been working on - and if you don’t see something, it doesn’t mean it’s not there.

Rooted. Very good box. Not so easy for begineer especially with programming. Thanks you very much for this content, i learned very good things.

Spoiler Removed

@TazWake LOL

rooted.

this box is not easy (intended way).
hint to all (user,root) : D3BUG !

Love the box btw @VbScrub, I hate windows, been voiding it for a while, this one’s actually fun for me :slight_smile:

And done!

Definitely not an easy one. Admins should take all comments into account and do something or at least to plan for future cases like this one.
Done it in intended way (as it is only possible way now :slight_smile: )

@VbScrub Nice box. Very good learning experience.

Spoiler Removed

@squirrelpizza said:

Does anyone have a nudge as how to make the srp* run?

You where on the right track using VS. Try debug/learn what the program is actually doing. Once you understand how its doing its cryptomagic, try to figure out how you can reuse whats in front of you to return what you want.

I am a bit stuck on getting root. I read all the comments here about a 0 bytes file that might contain data, but hex dump and all the other tools I can use show nothing. There is a streams option, but I am not sure I can mount n…s file system to access that, even if this has been set up.

So I am wondering what am I missing here. Tried enumerating several times, I think I have found everything, unless there is second hidden share I have missed?

@pipi said:
but I am not sure I can mount n…s file system to access that, even if this has been set up.

you’re on the right track

I’ve been trying all the files possible, even using a windows virtual machine to try and figure out how to get these 0 byte files? I assumed they were str**** but copying these over doesn’t seem to do much. Sorry if this is tmi. Just absolutely stuck here.

Rooted.

I would rate this box as medium.

I would definitely recommend using a Windows VM for certain steps.

@squirrelpizza said:

I’m lost as how to use the vbscript to decrypt the password. I’ve tried pasting the entire script into notepad++ and executing with the cscript command on the windows command line. I’ve tried executing it from Visual Studio and online compilers but they return error messages. I’ve tried just using the decryption part and pasting in the encrypted password, and puting the password into the RU_Config.xml file as indicated in the script. Does anyone have a nudge as how to make the script run?

You can use MSBuild, part of Visual Studio, to compile a project.

I couldn’t figure how to compile directly in Visual Studio to be honest.

@ChurchBiscuit said:
I’ve been trying all the files possible, even using a windows virtual machine to try and figure out how to get these 0 byte files? I assumed they were str**** but copying these over doesn’t seem to do much. Sorry if this is tmi. Just absolutely stuck here.

I think you aren’t yet in the step that requires access to such file.

You don’t need to guess or check every file, since it’s only one available.

■■■■, that’s threw me through a ■■■■ loop. Got the hash thing, can’t find how to decode it anywhere.

@twypsy said:
I think you aren’t yet in the step that requires access to such file.

You don’t need to guess or check every file, since it’s only one available.

Maybe I could grab a hint then? Cause I’m beat.

@VbScrub Thanks for the box. It was a fun ride.

@twypsy said:

You can use MSBuild, part of Visual Studio, to compile a project.

I couldn’t figure how to compile directly in Visual Studio to be honest.

You can also just use online compilers like this: https://dotnetfiddle.net

Any nudge on how to solve this error “Padding is invalid and cannot be removed”.

I got the same error and would like to know as well.

Umm similar problem. Trying to guess which of the various parameters needs to be changed to resolve padding error is never going to work. There must be a clue somewhere??

sounds like you guys are maybe trying to use the old encryption routine (the one you find to get the c**** user’s credentials) to decrypt the new password you’ve got from the l***.c*** file. Is that what you are doing? or are you still talking about trying to get the first decryption done?