Nest

Hello guys, a frustrated Windows noob here. I am on the edge of giving up (the last, maybe 6-8 hours xD). I have found the credentials for the newcomers and used them to see new information on that low port, but I am stuck here for hours with zero progress without anything new. I know that something must be in front of me in any of the shares. I am not sure about how much I can mention in a comment regarding what I tried so far, so please PM me for a hint.

edit: Totally my fault; guys, pay attention to this one. Rabbit hole #1, apparently uppercase arguments do not work when written with lowercase and usually produce all kinds of weird emotions and need for sanity checks!

I’m finally on my way for the user.

Now that was a ■■■■ good box. Thank you VBScrub for the box and for your help. I have learned sooooo much on this one. Not easy, but then I’m new to the game, but of the boxes I’ve done Nest has to be by far the best one yet. A real good scrap that gave me a bloodied nose and a fat lip but taught me a lot as well. Thank you @VbScrub

Pilgrim23

@73pp31in said:

So I have gotten to the hash of .**** user. No clue what to do now. I have navigated through every share possible using st, navigated through the H service running in TT. I have not found any empty files that people are mentioning. The empty files I found seem to be differently named than the ones mentioned by others here. Could someone please point me in the right direction? I’ve been stuck here for hours.

In the files you find with T**r creds there is a hint on which floor . user lives. Staircase might be entirely dark for a moment, but that doesn’t mean you should go back.

@VbScrub is right. I was also stuck on that part, I connected and did not seem to be getting anything of value, certainly wasn’t able to do anything other than traverse directories, and that was fairly painful.

If you are stuck, I would highly recommend reading through the existing comments. There are a couple extremely excellent hints that won’t make any sense until you get to certain points. Re-read the comments whenever you are stuck.

This is not a really hard machine from a technical perspective, but a very well thought out puzzle and path, very creative.

@VbScrub said:

@Alex1PM1 said:

Hey guys, I’m stuck with the hqk *** from port 43**, can someone help me to find the right path?

There’s 26 pages of help right here. If you’ve read them all and still need help then you’ll have to be a lot more specific about what you’re stuck on rather than just saying “I’m stuck”

I am trying to telnet the host but I only receive the information that the connection was refused, what can I be doing wrong?

@Gh0stBl4ck said:

I am trying to telnet the host but I only receive the information that the connection was refused, what can I be doing wrong?

if just telnet “ip”
then default telnet port is used
if telnet “ip” “port”
then connection success

@Ad0n said:
I think I’ll try to wrap my head around commandoVM with this machine, wish me luck boys… I think this is going to get a tad bumpy.

Good lord, this box was smooth sailing up until the 3rd hour of release and I pretty much went down a rabbit hole that lasted until a few minutes ago, definitely was chasing my tail for a while, but awesome job @vbscrub, can’t wait for your next box.

user/root: overcomplicated the entire process thinking that I was looking for a hidden file that I couldn’t find, I was convinced that I didn’t know how to enumerate SMB. Finally decided to throw my notes away and approach it like any other box. User and root came within an hour of each other.

help me,
how to crack the hash of .s*** and it use for L*** port 3** ???
Thanks in advance

how to decrypt empty .txt files ?

@acidbat said:

@Gh0stBl4ck said:

I am trying to telnet the host but I only receive the information that the connection was refused, what can I be doing wrong?

if just telnet “ip”
then default telnet port is used
if telnet “ip” “port”
then connection success

I managed to connect via telnet, I will try to find out the next step.

Thanks

Awesome box!! Really enjoyed it being something different than standard AD attacks.

Everything needed to root this box is in the comments. You do not need any serious reversing, crypto, programming skills.

Feel free to ping me for tips.

OK, I figured out the empty file and am on to the next step. Not sure what to do after “using” the new info I got from it.

Also I feel like a chump by going the Windows route for the ADS. Would love to know the proper syntax for Linux, I couldn’t figure it out.

Hi all, after all of the work to get admin access to the box, I am struggling to find the location of the root.txt key. Any assistance would be appreciated.

@Chickenhawk007 said:
Hi all, after all of the work to get admin access to the box, I am struggling to find the location of the root.txt key. Any assistance would be appreciated.

It’s in the same place it is in on every machine. There is a shortcut to it in the same location you found the user flag in just in case people go looking there for it, but yeah just go to the normal place.

@VbScrub said:

@Chickenhawk007 said:
Hi all, after all of the work to get admin access to the box, I am struggling to find the location of the root.txt key. Any assistance would be appreciated.

It’s in the same place it is in on every machine. There is a shortcut to it in the same location you found the user flag in just in case people go looking there for it, but yeah just go to the normal place.

@VbScrub, Thx!! It was so close I just could not see the obvious.

CURSE YOU @VbScrub MY EYES ARE BURNING AND I STILL HAVEN’T FIGURED IT OUT ???

I cannot be held responsible for any physical or mental injuries sustained while attacking this box :sweat_smile:

I kinda spoiled root for myself but it was a pretty good machine. I didn’t think I’d learn something going into this but I actually did =)

Thanks for the box. Finally learned something about reversing and had fun. :smile:
\m/,