Nest

@sparkla said:

Thats the point - I do not know what I’m looking for at hi port - it’s meant to be the D****G password, that’s what I understood. Or did I get this wrong?

A frequent problem occurs when people try a million things in a race to get to root - you dont know what you are looking for and if you dont know what you are looking for, how can you ever hope to find it.

My suggestion, and being concious of spoilers, is to have a think about how Windows can store data and what the previous hints about the files mean. If you were on a windows box you could control fully, you could install Sysinternals as it has a tool exactly for this. So google what Sysinternals tools there are.

When you’ve worked out what the problem is likely to be you can frame a better question either here or to Google.

The data you need to get for this step can be found with the same tool you’ve probably been using to access the lower port for every other step.

@VbScrub . Finally did it. I’m a newbie to this. First I thought this will be an easy box, but the decryption part with simple logic squeezed me hard (I have no knowledge in writing program). Enumeration was interesting and easy for me. But I was really frustrated to get pass the decryption part. Thanks for the Challenge. This is my 2nd windows box and this was the toughest box for me. One of my mate helped me to get understand the decryption part.

Rooted. Also started with the thoughts that this might be an easy box, but you really need to think twice. Enumeration is the key for both User and Root, if you get stuck, you might have missed something. Feel free to send a PM if you need a hint

■■■■ good box, interesting task. It is very good that the box has been patched. Large thanks for author, large thanks to those who helped.

@VbScrub Thanks for the challenge my man, have learned a lot with it, got possible mad once or twice in the process, cuz i got where you comming from , rating it as easy, but one thing to comprehend is your challenge there are a few way to approach rationally that could led you to dead ends, so nonetheless this machine could take you more time then what an “easy machine” supposed too. it is wrongly rated, imho, someone should address it ! that said… MaD rEsPECT !:slight_smile:

that box is not so easy, specially the decryption part for me, enumeration was easy. rooted

I’ve found the hash of the 2nd user, and I have had a look to every file carefully. I’ve seen “recent files” paths but I can’t reach them and… I don’t know what to do with empty files, I’m stuck there… Any hint please?

I managed to connect to the higher port but when I run the “runquery” command all I get is “Invalid database configuration found” on any file I try to read.

@Lu5i4 said:

I’ve found the hash of the 2nd user, and I have had a look to every file carefully. I’ve seen “recent files” paths but I can’t reach them and… I don’t know what to do with empty files, I’m stuck there… Any hint please?

Are you 100% sure you cant reach the recent files paths? Have you checked every possible way? (There is a better hint a few questions up in this thread)

Can anyone help with “System.Security.Cryptography.CryptographicException: 'Padding is invalid and cannot be removed.” error???

I have looked at the code in the Ldap.exe and change the lines in Vb.utils but don´t know why the error continues

@RandomPerson00 said:

I managed to connect to the higher port but when I run the “runquery” command all I get is “Invalid database configuration found” on any file I try to read.

It probably means the database isn’t configured in a way which allows you “read” something by running a query on it. Really you need to find a way to show the contents of the stored query, but you need to get the debug password.

@alexmore8 said:
Can anyone help with “System.Security.Cryptography.CryptographicException: 'Padding is invalid and cannot be removed.” error???

I have looked at the code in the Ldap.exe and change the lines in Vb.utils but don´t know why the error continues

already been answered in other comments in this thread. Basically you’re using the wrong decryption routine. Just copy the entire decryption routine you found in the new EXE instead of trying to modify the existing one you have from the user flag

Type your comment> @viks said:

Any body who have done ADS part using linux , could you please help on the syntax part or tool that yo have used, n**s-3g is not allowing me to mount a remote share. i have temporary users credentials and i am able to mount share in cifs mode but i think that losses some file’s properties in DATA variable .

Don’t want to use windows for this challenge.

Thanks in advance

^ This. If @viks or anyone else has a hint I’ll gladly accept it.

Great box btw.

Finally I rooted my first machine. The first challenge - get user - was a bit hard because I was my first time with tools I used. And some information was unexpected from me. Specially when I found one peach of information from one file which looks like something and there is more if you scratch a bit. The admin was a bit easier once you have the user due you have enough knowledge you didn’t have before. I required linux and windows to do it.

Finally, thank you to some users for their little help in some points I need help.

Now it’s time to another one.

Thank you

Any suggestions for a noob?

@Machevalia said:

^ This. If @viks or anyone else has a hint I’ll gladly accept it.

Great box btw.

It is entirely do-able with Kali. Google the tool you use to connect and ways to see the type of data you want to see.

Type your comment> @TazWake said:

It is entirely do-able with Kali. Google the tool you use to connect and ways to see the type of data you want to see.

This is true. The water stopped flowing when I was moving the file from one place to another. s*******t has a command to view ALL of what you need to GET what you need. Happy to give more hints.

Hi all, can someone DM with some advice please? i’ve got things from a project and used them to make something in VB, I’ve tried to add an output but it runs and displays nothing.
I’ve not used VB before so struggling to understand how to get it to write out properly. Thanks in advance :slight_smile:

EDIT I think i’ve got a password… P*******S is this right or am i way off?

Type your comment> @TazWake said:

@Lu5i4 said:

I’ve found the hash of the 2nd user, and I have had a look to every file carefully. I’ve seen “recent files” paths but I can’t reach them and… I don’t know what to do with empty files, I’m stuck there… Any hint please?

Are you 100% sure you cant reach the recent files paths? Have you checked every possible way? (There is a better hint a few questions up in this thread)

I have connect through a higher port but I don’t know if this is the way for root…

Good box.

Thanks @VbScrub - Really enjoyed this one. I had to dig out old skills from years gone by. Took me back some!

I did it mostly with Linux. I also used a windows virtualbox for some reverse engineering and looking deeper into the river.

This one covers a good few skills indeed, but there is one part that I thought was very ctf and you won’t know it unless you already came across it before. I got stuck on it for a while until a friendly hint reminded me of the trick.

pm for help.

ROOTED!!! Thanks a lot to @TazWake and @FastDuck for the help.