Nest

Hi @s1lv3rst4r,

You have encountered a clue. What can a person do to investigate a broken application, aside from contacting that administrator?

@s1lv3rst4r said:

I got this in telnet when i use runquery
Invalid database configuration found. Please contact your system administrator
A little nudge what to do ?

First off, you may be attacking something you aren’t ready to attack.

Secondly, it reads like you are running DB queries on things which aren’t stored queries so they wont run. If only there was a way to read them and find out what they were.

Finished it, learned a lot.
It is possible to solve this without VS and/or Windows. I used https://dotnetfiddle.net/ and AvaloniaILSpy following a recommendation. If you need a nudge, just pm me.

Got root! It wasn’t as easy as the rankings make you believe but enumeration is the key in this one and some basic programming skills. If you need help let me know

Type your comment> @LMAY75 said:

Invalid database configuration found. Please contact your system administrator

Seems like some other people are also getting this error… PM me if you know the solution please any help would be appreciated!

■■■■ so I took a break for a couple days and completely forgot how I got here

deleted

Type your comment> @LMAY75 said:

I think my nmap is all messed up wasnt there a rlly high port open… something like 13531?

Yea, it sounds like it didnt come back right, make sure you use -A to check all ports.

Type your comment> @menorevs said:

Type your comment> @LMAY75 said:

I think my nmap is all messed up wasnt there a rlly high port open… something like 13531?

Yea, it sounds like it didnt come back right, make sure you use -A to check all ports.

Yea I did… nmap has been fussy all day

rooted!! I had a ton of fun on this one. Shout out to @Vbscrub for the challenge, I am looking forward to your future boxes!

Can anyone give me some help?
This is my first live box I’ve ever tried and it’s driving me nuts ?

Happy to talk over private message.

Type your comment> @Swoopy said:

Can anyone give me some help?
This is my first live box I’ve ever tried and it’s driving me nuts ?

Happy to talk over private message.

There are 22 pages of hints. Where are you stuck at?

? Just a bit lost really.

So I have found temp user creds,
Retrieved files under ruscanner etc.

Read them and Found a username and hash.

Read all the other files I can find like xmls but not just unsure of where to go, how I leverage this hash I don’t see any exe?
The high port doesn’t debug the hash either.

@Swoopy said:

? Just a bit lost really.

Despite the claims, this is really not an “easy” box. If this is your first one, you might struggle a lot with what is asked to get user/root. Dont beat yourself up about this, just accept the fact that this would have been better off marked Medium. You might even want to look at Open Admin instead as a nice starter box.

Having said this.

  1. Read all the files. One points to a place you think you cant go, but you can. Go there and find the new stuff.

  2. Use the new stuff to convert the hash you have into a password.

  3. Use the username and password to access, this will allow you to find more stuff.

  4. Use the new stuff you have to access the high port in a more meaningful manner.

  5. Now you can find a more powerful user’s hash but you need to decompile the binary to know what’s changed when it comes to reversing it to a cleartext password.

  6. When you get the cleartext password, you can go back to the first port and connect to the filesystem as the more powerful user. Root look awaits.

DM me for help :smile:

Roooooted!!!
A lot of enumeration.
User part was hardest part for me in this box, especially “empty” file. Never hear about that before.

Type your comment> @fcmunhoz said:

I found c.s***h hash in a file.
I dont know what to do next.

I cant decrypt the hash
Please, any hint?

I’m in the same situation as you, I found the hash of C … H but I don’t know how to decrypt it.

@Gh0stBl4ck said:

I’m in the same situation as you, I found the hash of C … H but I don’t know how to decrypt it.

Are you still stuck or did the previous hints help?

Type your comment> @TazWake said:

@Gh0stBl4ck said:

I’m in the same situation as you, I found the hash of C … H but I don’t know how to decrypt it.

Are you still stuck or did the previous hints help?

I’m still stuck, can you help me?

Type your comment> @Gh0stBl4ck said:

Type your comment> @fcmunhoz said:

I found c.s***h hash in a file.
I dont know what to do next.

I cant decrypt the hash
Please, any hint?

I’m in the same situation as you, I found the hash of C … H but I don’t know how to decrypt it.

Look inside the files you found and enumerate a little bit more!
Vamo Recife \o/

@Gh0stBl4ck said:

I’m still stuck, can you help me?

Basically what @fcmunhoz said.

You need to double check every file you can read. One points to something you think you cant reach. You can reach it.

Go there, get the stuff. Modify it so it gives you output and run it to crack the hash.