Nest

rooted,
What a journey that was.
I had fun for sure, but the user flag did my head in lol :smiley: - not my strong point in the method used there but never give up :slight_smile: - Fiddler is your friend (at least for me)
Thank you @VbScrub for creating this.

Another thank you to @TazWake for your nudges.

@fcmunhoz said:

I found an empty file: D************d.**t
Is this the correct file? how can I read the hidden data?

if you can help me with any hint, please PM me.
Thx!

This has been asked quite a few times. Have a look at the previous hints.

Finally rooted.

I don’t think I can improve the nudges given on the previous pages. Everything is here. Read it carefully.
Congratulations to @VbScrub.

For those who could do it all on Linux, I would appreciate if you could tell me (PM) how. I would like to learn new techniques.

Great box to do. Really refreshing NOT to have to pop some contrived dodgy web functionailty to get a low level shell on a box. A good box to intro anyone new to this kind of thing. It makes you think a little, investigate a little, and get to know your tools a lot.

I haven’t been able to get on HTB for a while so thought I’ll go straight to a nice easy box on the list and landed on Nest. It was a little trickier than I thought it would be that’s for sure. That’s not to say this box is hard, not at all, it’s actually quite easy if you have any sort of programming experience. Now I’m by far the best when it comes to reversing code so this took me a few more minutescoughhours to do but once you get through it everything just falls into place.

This box flows nicely from one clue to the next, no guessing is needed you just need to enumerate well, keep good notes, think about why something is where it is, and think about what kind of operaing system you’re dealing with. Basically the appraoch you should take with any HTB challenge and any pentest you ever do.

I read through some posts on here after checking this box out and I see people thought it was harder than easy. I’m not so sure about that. Everything is hard if you haven’t done it or heard about something before but if you look at this box after you’ve done it you’d see actually everything is there in front of you each step of the way you just need to know how to use your tools, and don’t expect to just do an easy rated box in 10 minutes.

@VbScrub thanks for making this box, I really enjoyed it. I look forward to your next one.

Great box, really interesting and is not easy. Thanks @VbScrub .
Thanks to @aguiar507 for the hint about the 0 byte file, really appreciate.

Really enjoyed this box, my first root of an active machine! @VbScrub clearly put a lot of thought into it, nice trail of breadcrumbs and not many rabbit holes. CyberChef came in useful on a couple occasions. Also stumbled across the password (think it was to eventually get root) by just reading the help/docs for s**c*****, trying all the commands and noticing something odd.

One tip I’ve got is don’t assume just because you can’t access a certain dir that you can’t access any of its subdirs or files. Windows/NTFS seems to allow you to “skip” dirs in a path you don’t have permissions for.

rooted!!! crazy trip for me my first active windows machine learn alot techniques
@VbScrub thanks for the box :slight_smile:
pm free for hint

Extremely great box. Thank you for taking the time to make it @VbScrub !!!

Need a bit of a push, i think im on the VB part, can someone nudge me?

@Vosman said:
This box flows nicely from one clue to the next, no guessing is needed you just need to enumerate well, keep good notes, think about why something is where it is, and think about what kind of operaing system you’re dealing with. Basically the appraoch you should take with any HTB challenge and any pentest you ever do.

Thanks for the positive review :slight_smile: that’s exactly what I was going for. Glad to hear it worked out well for some people on here

hi!
I received a password from c* h using VB, the next enum from under c*h with new pass did not give new results.
what am I doing wrong?
continue enum?
this is my first box)))
thanks in advance

Amazing Box! I’ve been really wanting some Windows hacking experience since I’m primarily a Linux guy, and this box was a great challenge and very rewarding. Some pretty cool stuff in each step, really blown away by it. It forces you to use some new tools and learn some new things, which is what a good box here does.

PM with any questions.

Great job @VbScrub!

Hi

I’ve connected successfully to SMB with the following credentials - TU:w*********9 but I didn’t find any flag, can someone help me?

Type your comment> @100 said:

Hi

I’ve connected successfully to SMB with the following credentials - TU:w*********9 but I didn’t find any flag, can someone help me?

did you find any files? .xml, .txt …
in one of them you will find real ways, but it will seem to you that you cannot use them with your access rights - this is not so. you can open a subfolder and there you will find the following interesting problem)))
sorry for my English
good luck

Hi, I’m newbie as ■■■■. I’m hardstuck, can someone help me? I didn’t even get the credentials for user. I did enum and mounted some folders, but they are read only and 0 bytes. I don’t know what to do. I’m running Kali in a VM. Thanks

Type your comment> @N0ir said:

Hi, I’m newbie as ■■■■. I’m hardstuck, can someone help me? I didn’t even get the credentials for user. I did enum and mounted some folders, but they are read only and 0 bytes. I don’t know what to do. I’m running Kali in a VM. Thanks

look
at the beginning use nmap with various flag
further use smbmap to enum to find public folders
use smbclient to connect to them. connect as an anonymous user and browse all files and you will find unteresting thingth

Type your comment> @bfrag said:

Type your comment> @100 said:

Hi

I’ve connected successfully to SMB with the following credentials - TU:w*********9 but I didn’t find any flag, can someone help me?

did you find any files? .xml, .txt …
in one of them you will find real ways, but it will seem to you that you cannot use them with your access rights - this is not so. you can open a subfolder and there you will find the following interesting problem)))
sorry for my English
good luck

I’ve found an interesting txt file, but without any problem to solve.
what do you think?

Type your comment> @100 said:

Type your comment> @bfrag said:

Type your comment> @100 said:

Hi

I’ve connected successfully to SMB with the following credentials - TU:w*********9 but I didn’t find any flag, can someone help me?

did you find any files? .xml, .txt …
in one of them you will find real ways, but it will seem to you that you cannot use them with your access rights - this is not so. you can open a subfolder and there you will find the following interesting problem)))
sorry for my English
good luck

I’ve found an interesting txt file, but without any problem to solve.
what do you think?

@100 said:
Type your comment> @bfrag said:

Type your comment> @100 said:

Hi

I’ve connected successfully to SMB with the following credentials - TU:w*********9 but I didn’t find any flag, can someone help me?

did you find any files? .xml, .txt …
in one of them you will find real ways, but it will seem to you that you cannot use them with your access rights - this is not so. you can open a subfolder and there you will find the following interesting problem)))
sorry for my English
good luck

I’ve found an interesting txt file, but without any problem to solve.
what do you think?

if the .txt has a username and password - use them again in smbclient and you will see more files…
be very attentive and hardworking

Hi, thanks to all previous threads. I have cracked the 1st hash. Cracked the exe and know the 2nd crypt parameters. Now I think I need the 2nd hash.
I used the most common tool to connect to the high port. But I’m stuck at how to apply the empty file to the high port so I can browse file contents.
Can anyone give me a hint?

I liked the enumeration part, which was very realistic. Slightly CtFey on some parts but not too the point that it becomes annoying. Good to have to face Windows/VB once in a while, makes one get out of the comfort zone; so thanks for this box !