Nest

Type your comment

Type your comment> @TazWake said:

@Lu5i4 said:

Ok, I need help with the reversing of the exe file. I’ve used strings and IDA (not PRO) but I can’t see any helpful information… any hint?

Nest - #446 by n00py - Machines - Hack The Box :: Forums

Ohhh cool! I got it, thank you so much!!! :slight_smile:

struggling abit with nest, enumeration isnt playing ball…

Rooted all on kali.
TBH, i really do not get the reason why this box is rated easy.

Got User, had some trouble to get the ADS with Linux. It seems that the password i found is wrong for D***G, may I missed something ?

@DonDon69 said:

Got User, had some trouble to get the ADS with Linux. It seems that the password i found is wrong for D***G, may I missed something ?

Possibly - Is the first and last character the same letter, just different case?

May I please get a hint for the first user? To be exact the D***G password.

@RandomPerson00 said:

May I please get a hint for the first user? To be exact the D***G password.

You are asking for two different things.

If you want the first user, you need to find the hash and crack it - lots of tips on that in the previous pages.

Once you’ve got the first user, enumeration will get you the D***G password.

@TazWake
Can you please give me a specific hint? I have no Idea as to what I should do.

@RandomPerson00 said:

Can you please give me a specific hint? I have no Idea as to what I should do.

Ok, but as I have no idea of what you have done or where you are on the box, I have no way of knowing if it is useful or not.

  1. Use nmap to scan the box, find every open port.
  2. Pick one of them and find the tools you have available in kali to access it and gather as much information as you can.
  3. Take the information you’ve found and use one bit of it to “crack” the password hash you will have found because you’ve looked at everything you can look at.
  4. Use the account you now have access to and gather all the data you can access, this should include the user flag.
  5. use the password you’ve been given on the port you ignored and find more loot.
  6. analyse the binary you’ve found and work out what you have to change to crack the new loot.
  7. use your new credentials to access a thing you couldn’t really access before and read root flag.

While I’ve tried my best, there is a chance this will be removed as a spoiler soon.

I have loved this box but am struggling on last step. I am at very end, including getting 3 different passwords. Should be able to just log in and get root flag but somethings not working. Would really appreciate a nudge. I feel like this should be the easy part.

any hint of getting the hashes, to enable me get user.txt ?

@unicent said:

I have loved this box but am struggling on last step. I am at very end, including getting 3 different passwords. Should be able to just log in and get root flag but somethings not working. Would really appreciate a nudge. I feel like this should be the easy part.

If you have the admin password you can connect to the file system share as admin and navigate it fully.

@b1ackArr0w said:
any hint of getting the hashes, to enable me get user.txt ?

you’re looking at 18 pages of hints

Finally rooted. Nice box thank @VbScrub for sharing this.

Rooted the box. Thank you @VbScrub for creating it. The hardest part for me was that the first decompilation tool I used for priv esc didn’t decompile the executable correctly. The decompilation tool that worked for me was AvalonialLSpy. Feel free to DM me for more hints.

rooted.

I would say that this was the hardest box I have done so far because I have down to zero knowledge of Visual studio. Yes you need to have basic knowledge of Visual studio to crack this machine.

Learned a lot . Thanks

Stuck with the executable file and a file saying it’s empty. Trying to mae a way around it.

Rooted. Thx @VbScrub for studying some new things. The difficulty level is more similar to the average.
As usual, pm if you stuck, although 19 pages of tips should be enough :slight_smile:

If someone needs help. Please DM and explain what you already know, what you already tried and where you at in this challange. No spoilers, only help. See ya!