Nest

This is my 1st machine, sadly have no job so can’t afford vip.
so far i have reached a empty new txt, temp password, the Ru****xml but cant decode the password, also found an high port 4 but i wasn’t able to exploit it for now.
I’ll keep trying

I’ve telnetted in through the higher port, dug through all DIR, and cannot actually open any files or access the SAM etc. This is my first box really… if I can’t open a file to get a user cred I feel quite SOL. Maybe I need to use a different service… I’ve been trying this past couple days after work. About to throw this computer. lol Can someone give me a hint on how to open a file at least or something.

Ok, got user, I’m trying to get ROOT. I have the debug password and I used it to access the extra options, didn’t get anything new from that, only a couple of paths that I already had.
I also have the exe that connects to LP. Used a d******r to see what it does… aaaand I’m super lost … help plz?

.deleted

I’m right now trying to make sense of the exe file and the “empty” file.
for the exe I tried so far:

  • O*D but this was a big fail
  • R****e2 worked better but I couldn’t make sense of it
  • “NSA Tool”: looks promising. but I still need to find out how it works

I’m on the right track with this?

for the empty file I don’t know what to do. I guess the problm is that the data gets lost when the ile is copied over from windows to linux.
But I don’t know how to examine the file directly on the share :frowning:
Hints are appreciated (also per PM)

Type your comment> @theonemcp said:

I’m right now trying to make sense of the exe file and the “empty” file.
for the exe I tried so far:

  • O*D but this was a big fail
  • R****e2 worked better but I couldn’t make sense of it
  • “NSA Tool”: looks promising. but I still need to find out how it works

I’m on the right track with this?

for the empty file I don’t know what to do. I guess the problm is that the data gets lost when the ile is copied over from windows to linux.
But I don’t know how to examine the file directly on the share :frowning:
Hints are appreciated (also per PM)

The empty file might not actually be empty. Maybe you should get ALL the INFO. :stuck_out_tongue:

@theonemcp said:
I’m right now trying to make sense of the exe file and the “empty” file.
for the exe I tried so far:

  • O*D but this was a big fail
  • R****e2 worked better but I couldn’t make sense of it
  • “NSA Tool”: looks promising. but I still need to find out how it works

I’m on the right track with this?

for the empty file I don’t know what to do. I guess the problm is that the data gets lost when the ile is copied over from windows to linux.
But I don’t know how to examine the file directly on the share :frowning:
Hints are appreciated (also per PM)

the file is a .net file, maybe you need a .net Decompiler.
as for empty file , just type ‘help’ in connection, and look around those command, just try it.

Got root and I really enjoyed the whole process, even figured it out on my own; now that is scary! Thanks for the box @VbScrub , brought back memories of my old programming days and as controversial as it may seem, I actually like VB. :smiley:

Spoiler Removed

Spoiler Removed

Finally got root. This is the second box I have attempted, and the first I have actually completed.

Thanks to @VbScrub for the challenging machine, it has been a long time since I dabbled in .net, so this was a welcome refresher. Thanks to all for the hints along the way

@Mati3d said:

This is my 1st machine, sadly have no job so can’t afford vip.
so far i have reached a empty new txt, temp password, the Ru****xml but cant decode the password, also found an high port 4 but i wasn’t able to exploit it for now.
I’ll keep trying

Focus on reading and fully understanding everything you can find on the lower one. Remember to use credentials when you find them and crack them if you have to.

If you cant crack them immediately, keep looking to see if you can find something that might help you crack them.

Try every bit of information you find, dont assume that it wont work.

Rooted! After 3 days and 15 hours! The hardest machine I’ve opened and my very first Windows machine!

Special thanks to @Amir12 @Alpha19 and @nardin for the guidance!

Great box @VbScrub ! Gave me a really good headache!

Feel free to Message me if you need any help!

@Relic006 said:

I’ve telnetted in through the higher port, dug through all DIR, and cannot actually open any files or access the SAM etc. This is my first box really… if I can’t open a file to get a user cred I feel quite SOL. Maybe I need to use a different service… I’ve been trying this past couple days after work. About to throw this computer. lol Can someone give me a hint on how to open a file at least or something.

There is more than one port.

@drset said:

Ok, got user, I’m trying to get ROOT. I have the debug password and I used it to access the extra options, didn’t get anything new from that, only a couple of paths that I already had.
I also have the exe that connects to LP. Used a d******r to see what it does… aaaand I’m super lost … help plz?

Read more. When you say you didn’t get anything new, that might mean you haven’t used it to enumerate enough. Loot is available.

own user. Not bad. My first machine here and elsewhere. Interesting. Three days think and try. If I think now it is easy. My challenge was getting the correct tools to face the problem and to be honest to download files without mirroring. I missed a couple of files which was crucial to get the password.

Please any hint on the “empty” file ???

I have get it several times and use recurse, use strings and found anything in there.

I really liked this box! Thanks author :slight_smile:

hint for one of the steps in root: try different decompilers!

Type your comment> @alexmore8 said:

Please any hint on the “empty” file ???

I have get it several times and use recurse, use strings and found anything in there.

You just need a bit MORE :smile:

@alexmore8 said:

Please any hint on the “empty” file ???

I have get it several times and use recurse, use strings and found anything in there.

Use the tools available to you on the remote box. This will allow you get the data you need.