Nest

I’ve been spinning my wheels on this most of the day. Never done any reversing before. I got the user flag and I have a 0 byte file plus an exe. I’ve been playing around on the high port but I’m not sure what my next step is. I looked back through some of the pages and I have tried a handful of things on the 0 byte file but still can’t seem to put this puzzle together. Can someone PM me?

Headbang x 1000. I’ve got everything bar a way of revealing the location of the root flag. Can someone please PM me on how I can get it to show itself?

Thanks

Pilgrim23

Finally rooted! Learnt a lot, thanks @VbScrub

@Pilgrim23 said:
I get ‘Invalid database configuration found. Please contact your system administrator’ when trying to do things on the higher port. Is this deliberate to get me to look elsewhere or is it an actual issue?

it is deliberate and cannot be fixed

Finally rooted!!! I overthought this machine so hardcore. However I learned an incredible amount about Windows and Active Directory in the process. One of my favorites so far.

edit: wrong forum lol.

Rooted!

Man, that was a super, super thorough machine. I think I learned more tools and tricks on this one, than most others.

This is one of those cases where terms like “Easy” and “Hard” don’t really describe things too well.

There’s a lot to do, and a lot of information to comb through. None of the things you are tasked with doing are very hard at all… but there’s so many different areas of knowledge being tested that I’m sure most newer users will be learning something, somewhere.

The “empty file” portion was really cool, and threw me for a loop!

Love this machine, great job @VbScrub.

I don’t seem to find any other empty file other than N********.txt via one common port. That’s not decryptable I reckon. Am I expecting more than one empty file?

So I have gotten to the hash of .**** user. No clue what to do now. I have navigated through every share possible using st, navigated through the H service running in TT. I have not found any empty files that people are mentioning. The empty files I found seem to be differently named than the ones mentioned by others here. Could someone please point me in the right direction? I’ve been stuck here for hours.

Can anyone please help me with the VB part? I can’t seem to compile with an online compiler…

Gotcha)) Rooted! Thx @VbScrub for this wonderful box! Very interesting)

@SpiffyLich said:
Man, that was a super, super thorough machine. I think I learned more tools and tricks on this one, than most others.

Love this machine, great job @VbScrub.

Thanks a lot :) glad you enjoyed it and learned from it

Rooted! Took about 8 hours total because of all the rabbit holes I went down. Don’t look over the things that are in front of you.

Great machine, I just got lost a few times

User:
Get TxxxUxxx and find a user hash
Look at everything in the files. Paths are important
Read and compile what you find.

Root:
Don’t look over the files you see, passwords are passwords and exe’s are useful. The file isn’t empty, you need all info
Make sure you scan a lot of ports, you never know what you have missed. Txxnxx is a friend
Look for more passwords now
Decompile

Hello guys, a frustrated Windows noob here. I am on the edge of giving up (the last, maybe 6-8 hours xD). I have found the credentials for the newcomers and used them to see new information on that low port, but I have been stuck here for hours with zero progress and nothing new. I know that something must be in front of me in any of the shares. I am not sure about how much I can mention in a comment regarding what I tried so far, so please PM me for a hint.

edit: Totally my fault, guys pay attention to this one. Rabbit hole #1, apparently uppercase arguments do not work when written with lowercase and usually produce all kinds of weird emotions and need for sanity checks!

I’m finally on my way for the user.

Now that was a ■■■■ good box. Thank you VBScrub for the box and for your help. I have learned sooooo much on this one. Not easy but then I’m new to the game but of the boxes I’ve done Nest has to be by far the best one yet. A real good scrap that gave me a bloodied nose and a fat lip but taught me a lot as well. Thank you @VbScrub

Pilgrim23

@73pp31in said:

So I have gotten to the hash of .**** user. No clue what to do now. I have navigated through every share possible using st, navigated through the H service running in TT. I have not found any empty files that people are mentioning. The empty files I found seem to be differently named than the ones mentioned by others here. Could someone please point me in the right direction? I’ve been stuck here for hours.

In the files you find with T**r creds there is a hint on which floor . user lives. Staircase might be entirely dark for a moment, but that doesn’t mean you should go back.

@VbScrub is right. I was also stuck on that part, I connected and did not seem to be getting anything of value, certainly wasn’t able to do anything other than traverse directories, and that was fairly painful.

If you are stuck, I would highly recommend reading through the existing comments. There are a couple extremely excellent hints that won’t make any sense until you get to certain points. Re-read the comments whenever you are stuck.

This is not a really hard machine from a technical perspective, but a very well thought out puzzle and path, very creative.

@VbScrub said:

@Alex1PM1 said:

Hey guys, I’m stuck with the hqk *** from port 43**, can someone help me to find the right path?

There’s 26 pages of help right here. If you’ve read them all and still need help then you’ll have to be a lot more specific about what you’re stuck on rather than just saying “I’m stuck”

I am trying to telnet the host but I only receive the information that the connection was refused, what can I be doing wrong?

@Gh0stBl4ck said:

I am trying to telnet the host but I only receive the information that the connection was refused, what can I be doing wrong?

If you just run telnet “ip”, then the default telnet port is used.
If you run telnet “ip” “port”, then the connection succeeds.

@Ad0n said:
I think I’ll try to wrap my head around commandoVM with this machine, wish me luck boys… I think this is going to get a tad bumpy.

Good lord, this box was smooth sailing up until the 3rd hour of release and I pretty much went down a rabbit hole that lasted until a few minutes ago. Definitely was chasing my tail for a while, but awesome job @vbscrub, can’t wait for your next box.

User/root: overcomplicated the entire process thinking that I was looking for a hidden file that I couldn’t find; I was convinced that I didn’t know how to enumerate SMB. Finally decided to throw my notes away and approach it like any other box. User and root came within an hour of each other.

Help me,
how do I crack the hash of .s*** and use it for L*** port 3**?
Thanks in advance