Nest

@grav3m1ndbyte said:
I’m in the last phase and got a secret from L*p.cF but can’t repeat the step from user as it complains about bad padding. What am I missing?

Does Lp.c* look like something else you encountered before? maybe HLap.*xe

Type your comment> @nristo said:

@grav3m1ndbyte said:
I’m in the last phase and got a secret from L*p.cF but can’t repeat the step from user as it complains about bad padding. What am I missing?

Does Lp.c* look like something else you encountered before? maybe HLap.*xe

Thank you! I guess I didn’t look carefully

Well, got root! Interesting box for sure, I have lots to learn especially with vbscript which I have been avoiding until now. Many thanks to @n00py, @Darvidor and @rootshooter for helping!

I would like to ask as i’ve just started this box…Could anyone confirm if there are only 2 ports 4*5 and 4**6 opened ?! Is this accurate or my enumeration sucks…?

Type your comment> @Destroyervg said:

I would like to ask as i’ve just started this box…Could anyone confirm if there are only 2 ports 4*5 and 4**6 opened ?! Is this accurate or my enumeration sucks…?

Pretty Accurate!

I get ‘Invalid database configuration found. Please contact your system administrator’ when trying to do things on the higher port. Is this deliberate to get me to look elsewhere or is it an actual issue?

I been spinning my wheels on this most of the day. Never done any reversing before. I got the user flag and I have a 0 byte file plus and exe. I been playing around on the high port but I not sure what my next step is. I looked back though some of the pages and I have tried a hand full of things on the 0 byte file but still can’t seem to put this puzzle together. Can I someone PM me?

Headbang x 1000. I’ve got everything bar a way of revealing the locat of the root flag. Can someone please pm me on how I can get it to show itself please?

Thanks

Pilgrim23

Finally rooted! Learnt alot, thanks @VbScrub

@Pilgrim23 said:
I get ‘Invalid database configuration found. Please contact your system administrator’ when trying to do things on the higher port. Is this deliberate to get me to look elsewhere or is it an actual issue?

it is deliberate and cannot be fixed

Finally rooted!!! I overthought this machine so hardcore. However I learned an incredible amount about windows and active directory in the process. One of my favorites so far.

edit: wrong forum lol.

Rooted!

Man, that was a super, super thorough machine. I think I learned more tools and tricks on this one, than most others.

This is one of those cases where terms like “Easy” and “Hard” don’t really describe things too well.

There’s a lot to do, and a lot of information to comb through. None of the things you are tasked with doing are very hard at all… but there’s so many different areas of knowledge being tested that I’m sure most newer users will be learning something, somewhere.

The “empty file” portion was really cool, and threw me for a loop!

Love this machine, great job @VbScrub.

I don’t seem to find any other empty file other than N********.txt. via one common port. That’s not decrytable I reckon. Am I expecting more than one empty files?

So i have gotten to the hash of .**** user. No clue what to do now. I have navigated through every share possible using st, navigated through the H service running in TT. I have not found any empty files that people are mentioning. The empty files i found seem to be differently named than the ones mentioned by others here. could someone please point me to the right direction? Ive been stuck here for hours.

Can anyone please help me with the VB part? I can’t seem to compile with online compiler…

Gotcha)) Rooted! Thx @VbScrub for this wornderful box! Very interesting)

@SpiffyLich said:
Man, that was a super, super thorough machine. I think I learned more tools and tricks on this one, than most others.

Love this machine, great job @VbScrub.

Thanks a lot :slight_smile: glad you enjoyed it and learned from it

Rooted! Took about 8 hours total because of all the rabbit holes I went down. Don’t look over the things that are in front of you.

Great machine, I just got lost a few times

User:
Get TxxxUxxx and find a user hash
Look at everything in the files. Paths are important
Read and compile what you find.

Root:
Don’t look over the files you see, passwords are password and exe’s are useful. The file isn’t empty, you need all info
Make sure you scan a lot of port, you never know what you have missed. Txxnxx is a friend
Look for more passwords now
Decompile

Hello guys, a frustrated Windows noob here. I am on the edge of giving up (the last, maybe 6-8 hours xD). I have found the credentials for the newcomers and used them to see new information on that low port, but I am stuck here for hours with zero progress without anything new. I know that something must be in-front of in any of the shares. I am not sure about how much I can mention in a comment regarding what I tried so far, so please pm me for a hint.

edit: Totally my fault, guys pay attention on this one. Rabbit hole #1, apparently uppercase arguments do not work when written with lowercase and usually produce all kinds of weird emotions and need for sanity checks!

I’m finally on my way for the user.

Now that was a ■■■■ good box. Thank you VBScrub for the box and for your help. I have learned sooooo much on this one. Not easy but then I’m new to the game but of the boxes I’ve done Nest has to be bar far the best on yet. I real good scrap that gave me a bloodied nose and a fat lip but taught me a lot as well. Thank you @VbScrub

Pilgrim23