Nest

@Titan555 said:

connected by Telnet but cannot browse to any files, not much options . only options I get

LIST
SETDIR <Directory_Name>
RUNQUERY <Query_ID>
DEBUG
HELP

how did you guys manage to browse though telnet session ?

What does the second entry in those commands do?

If you have jumped to this port before the other one, you might be missing some crucial information.

Type your comment> @TazWake said:

@Titan555 said:

connected by Telnet but cannot browse to any files, not much options . only options I get

LIST
SETDIR <Directory_Name>
RUNQUERY <Query_ID>
DEBUG
HELP

how did you guys manage to browse though telnet session ?

What does the second entry in those commands do?

If you have jumped to this port before the other one, you might be missing some crucial information.

@Titan555 said:
Type your comment> @TazWake said:

@Titan555 said:

connected by Telnet but cannot browse to any files, not much options . only options I get

LIST
SETDIR <Directory_Name>
RUNQUERY <Query_ID>
DEBUG
HELP

how did you guys manage to browse though telnet session ?

What does the second entry in those commands do?

If you have jumped to this port before the other one, you might be missing some crucial information.

sorry I am still lost here… this machine is hard to crack…

@Titan555 said:

@Titan555 said:
Type your comment> @TazWake said:

@Titan555 said:

connected by Telnet but cannot browse to any files, not much options . only options I get

LIST
SETDIR <Directory_Name>
RUNQUERY <Query_ID>
DEBUG
HELP

how did you guys manage to browse though telnet session ?

What does the second entry in those commands do?

If you have jumped to this port before the other one, you might be missing some crucial information.

sorry I am still lost here… this machine is hard to crack…

edit: got it , i can browse from telnet session…

@Titan555 said:

edit: got it , i can browse from telnet session…

Good. Make sure you have got all the information you need from the other port though.

Rooted. Thanks @VbScrub.

Learned a lot. More machine to come and Good job for this machine @VbScrub.

I want knowledge how to own a machine

@hackempire said:

I want knowledge how to own a machine

Any machine? Start here: PEN-200: Penetration Testing with Kali Linux | OffSec

can someone give me an hunt for the foothold? i have enumerated ports, services, i’ve got an interesting service, but it seems i can’t do nothing with it

YAYYYYYYYYYYYYY :smiley: :smiley: :smiley:
I just got my first root flag and user flag
(after countless hours of staring at the computer screen and wanting to bash my head with wall cuz of VB code :smile: and blank file :smile: Thanks :smile: )
MY FIRST SYSTEMM YESSSS Without ASKING (well except the hints on this forum)

Just wanted to brag cuz I dont have many friends lol xD

Type your comment> @Titan555 said:

connected by Telnet but cannot browse to any files, not much options . only options I get

LIST
SETDIR <Directory_Name>
RUNQUERY <Query_ID>
DEBUG
HELP

how did you guys manage to browse though telnet session ?

There is another way you can browse the files on that server…enumerate, enumerate, enumerate!

my brain is hurting a lot XD

Rooted, fun box. A bit hard for me, considering that it is listed as easy.
Thanks @VbScrub

Anyone open to PM to point me in the right direction? I will share everything I have gathered so far. Thanks

removed

Wow, what a challenge @VbScrub. Thank you for this box! :smiley:

Finally root’ed as well and for me far from “easy” as mentioned before.

Mainly as I have limited windows filesystem knowledge and would never have found the key to the 0 byte file without the hints here in the forum. Bit everything is in the pages here before. I didn’t had to ask somebody by PM and I see this as a personal progress.

Even after reading a lot about the “trick” behind it, as I’m working on a pure Linux machine, I was afraid that I wouldn’t be able to get to the juice.
But as a hint: you can do almost everything on the box itself. No need to spin up a Win-VM. It’s all about knowing and understanding the commands you can use there. And here I learned a lot as well, so thank you again.

Ah, and if you are thinking about how to disassamble windows executables, you may have a look at GitHub - icsharpcode/AvaloniaILSpy: Avalonia-based .NET Decompiler (port of ILSpy)
Worked very well for me.

If you need an little nudge anyway, you are welcome to send me PM with what you have tried so far

As said here what a fun and challenging box!

User - Enumeration is key. Look at what you can do on the open ports. Here may lie some interesting files.

Root - Again enumeration is key, maybe use some of the same methods as user (with some slight changes perhaps).

Thanks @VbScrub for the box. Also thank you to @salt for the invaluable hints.

root dance - I did try to reverse the programs but I still need to learn. Thank you to someone in the forum for about a comment about streams, learn something new. My clue to help anyone along - if you have a break at the right place everything become clear so you don’t need to add any lines (hope that makes sense to someone it is 0300hrs)

So i got to the user flag but when i put it in it says error. Is there an additional step or ADS that I am missing here?

root…FINALLY…Holy ■■■■, what a ride!

Learned a ■■■■ ton, thanks @Vbscrub for the challenge, and to @ZloyObezyan, @chvancooten and @bigb0ss for the tips that helped me get there!