Nest

1202123252633

Comments

  • Type your comment> @LMAY75 said:

    Invalid database configuration found. Please contact your system administrator

    Seems like some other people are also getting this error... PM me if you know the solution please any help would be appreciated!

    Lmao so I took a break for a couple days and completely forgot how I got here

  • edited February 10

    deleted

  • Type your comment> @LMAY75 said:
    > I think my nmap is all messed up wasnt there a rlly high port open... something like 13531?

    Yea, it sounds like it didnt come back right, make sure you use -A to check all ports.
  • Type your comment> @menorevs said:

    Type your comment> @LMAY75 said:

    I think my nmap is all messed up wasnt there a rlly high port open... something like 13531?

    Yea, it sounds like it didnt come back right, make sure you use -A to check all ports.

    Yea I did... nmap has been fussy all day

  • rooted!! I had a ton of fun on this one. Shout out to @Vbscrub for the challenge, I am looking forward to your future boxes!

    GCIH | GCED | GCIA | GSEC | GPYC | CEH | Security+

  • Can anyone give me some help?
    This is my first live box I've ever tried and it's driving me nuts 🤪

    Happy to talk over private message.

  • Type your comment> @Swoopy said:
    > Can anyone give me some help?
    > This is my first live box I've ever tried and it's driving me nuts 🤪
    >
    > Happy to talk over private message.

    There are 22 pages of hints. Where are you stuck at?
  • 😂 Just a bit lost really.

    So I have found temp user creds,
    Retrieved files under ruscanner etc.

    Read them and Found a username and hash.

    Read all the other files I can find like xmls but not just unsure of where to go, how I leverage this hash I don't see any exe?
    The high port doesn't debug the hash either.
  • @Swoopy said:

    😂 Just a bit lost really.

    Despite the claims, this is really not an "easy" box. If this is your first one, you might struggle a lot with what is asked to get user/root. Dont beat yourself up about this, just accept the fact that this would have been better off marked Medium. You might even want to look at Open Admin instead as a nice starter box.

    Having said this.

    1) Read all the files. One points to a place you think you cant go, but you can. Go there and find the new stuff.

    2) Use the new stuff to convert the hash you have into a password.

    3) Use the username and password to access, this will allow you to find more stuff.

    4) Use the new stuff you have to access the high port in a more meaningful manner.

    5) Now you can find a more powerful user's hash but you need to decompile the binary to know what's changed when it comes to reversing it to a cleartext password.

    6) When you get the cleartext password, you can go back to the first port and connect to the filesystem as the more powerful user. Root look awaits.

  • DM me for help :smile:

  • edited February 11

    Roooooted!!!!!!!
    A lot of enumeration.
    User part was hardest part for me in this box, especially "empty" file. Never hear about that before.

    Kirzaks

  • Type your comment> @fcmunhoz said:

    I found c.s***h hash in a file.
    I dont know what to do next.

    I cant decrypt the hash
    Please, any hint?

    I'm in the same situation as you, I found the hash of C ... H but I don't know how to decrypt it.

    Hack The Box

  • @Gh0stBl4ck said:

    I'm in the same situation as you, I found the hash of C ... H but I don't know how to decrypt it.

    Are you still stuck or did the previous hints help?

  • Type your comment> @TazWake said:

    @Gh0stBl4ck said:

    I'm in the same situation as you, I found the hash of C ... H but I don't know how to decrypt it.

    Are you still stuck or did the previous hints help?

    I'm still stuck, can you help me?

    Hack The Box

  • Type your comment> @Gh0stBl4ck said:

    Type your comment> @fcmunhoz said:

    I found c.s***h hash in a file.
    I dont know what to do next.

    I cant decrypt the hash
    Please, any hint?

    I'm in the same situation as you, I found the hash of C ... H but I don't know how to decrypt it.

    Look inside the files you found and enumerate a little bit more!
    Vamo Recife \o/

  • @Gh0stBl4ck said:

    I'm still stuck, can you help me?

    Basically what @fcmunhoz said.

    You need to double check every file you can read. One points to something you think you cant reach. You can reach it.

    Go there, get the stuff. Modify it so it gives you output and run it to crack the hash.

  • For those of you who are using Linux and hit the programming portion of this box. The lang here uses libs only available on Windows and it will not work on mono or anything that uses it. HOWEVER just use the portion of code that converts the pass
    with Rfc2898DeriveBytes and dump the bytes to a file and convert the rest with python. EZ mode. Far easier then fighting with the lang on Linux for sure.

  • I found an empty file: D************d.**t
    Is this the correct file? how can I read the hidden data?

    if you can help me with any hint, please PM me.
    Thx!

  • rooted,
    What a journey that was.
    I had fun for sure, but the user flag did my head in lol :smiley: - not my strong point in the method used there but never give up :) - Fiddler is your friend (at least for me)
    Thank you @VbScrub for creating this.

    Another thank you to @TazWake for your nudges.

    Always happy to help others and remember to +respect me if I helped you ; )

  • @fcmunhoz said:

    I found an empty file: D************d.**t
    Is this the correct file? how can I read the hidden data?

    if you can help me with any hint, please PM me.
    Thx!

    This has been asked quite a few times. Have a look at the previous hints.

  • Finally rooted.

    I don't think I can improve the nudges given on the previous pages. Everything is here. Read it carefully.
    Congratulations to @VbScrub.

    For those who could do it all on Linux, I would appreciate if you could tell me (PM) how. I would like to learn new techniques.

  • Great box to do. Really refreshing NOT to have to pop some contrived dodgy web functionailty to get a low level shell on a box. A good box to intro anyone new to this kind of thing. It makes you think a little, investigate a little, and get to know your tools a lot.

    I haven't been able to get on HTB for a while so thought I'll go straight to a nice easy box on the list and landed on Nest. It was a little trickier than I thought it would be that's for sure. That's not to say this box is hard, not at all, it's actually quite easy if you have any sort of programming experience. Now I'm by far the best when it comes to reversing code so this took me a few more minutescoughhours to do but once you get through it everything just falls into place.

    This box flows nicely from one clue to the next, no guessing is needed you just need to enumerate well, keep good notes, think about why something is where it is, and think about what kind of operaing system you're dealing with. Basically the appraoch you should take with any HTB challenge and any pentest you ever do.

    I read through some posts on here after checking this box out and I see people thought it was harder than easy. I'm not so sure about that. Everything is hard if you haven't done it or heard about something before but if you look at this box after you've done it you'd see actually everything is there in front of you each step of the way you just need to know how to use your tools, and don't expect to just do an easy rated box in 10 minutes.

    @VbScrub thanks for making this box, I really enjoyed it. I look forward to your next one.

    Vosman

  • Great box, really interesting and is not easy. Thanks @VbScrub .
    Thanks to @aguiar507 for the hint about the 0 byte file, really appreciate.

  • Really enjoyed this box, my first root of an active machine! @VbScrub clearly put a lot of thought into it, nice trail of breadcrumbs and not many rabbit holes. CyberChef came in useful on a couple occasions. Also stumbled across the password (think it was to eventually get root) by just reading the help/docs for s**c*****, trying all the commands and noticing something odd.

    One tip I've got is don't assume just because you can't access a certain dir that you can't access any of its subdirs or files. Windows/NTFS seems to allow you to "skip" dirs in a path you don't have permissions for.

    OrangeHat

  • rooted!!! crazy trip for me my first active windows machine learn alot techniques
    @VbScrub thanks for the box :)
    pm free for hint

  • Extremely great box. Thank you for taking the time to make it @VbScrub !!!!

  • Need a bit of a push, i think im on the VB part, can someone nudge me?

  • @Vosman said:
    This box flows nicely from one clue to the next, no guessing is needed you just need to enumerate well, keep good notes, think about why something is where it is, and think about what kind of operaing system you're dealing with. Basically the appraoch you should take with any HTB challenge and any pentest you ever do.

    Thanks for the positive review :) that's exactly what I was going for. Glad to hear it worked out well for some people on here

  • edited February 13

    hi!
    I received a password from c* **h using VB, the next enum from under c***h with new pass did not give new results.
    what am I doing wrong?
    continue enum?
    this is my first box)))
    thanks in advance

  • Amazing Box! I've been really wanting some Windows hacking experience since I'm primarily a Linux guy, and this box was a great challenge and very rewarding. Some pretty cool stuff in each step, really blown away by it. It forces you to use some new tools and learn some new things, which is what a good box here does.

    PM with any questions.

    Great job @VbScrub!

    sixtonspacefly

Sign In to comment.