Nest

1242527293037

Comments

  • I don't seem to find any other empty file other than N********.txt. via one common port. That's not decrytable I reckon. Am I expecting more than one empty files?

  • edited February 2020

    So i have gotten to the hash of *.***** user. No clue what to do now. I have navigated through every share possible using s******t, navigated through the H** service running in T****T. I have not found any empty files that people are mentioning. The empty files i found seem to be differently named than the ones mentioned by others here. could someone please point me to the right direction? Ive been stuck here for hours.

  • Can anyone please help me with the VB part? I can't seem to compile with online compiler...

  • Gotcha)) Rooted! Thx @VbScrub for this wornderful box! Very interesting)

  • @SpiffyLich said:
    Man, that was a super, super thorough machine. I think I learned more tools and tricks on this one, than most others.
    ...
    Love this machine, great job @VbScrub.

    Thanks a lot :) glad you enjoyed it and learned from it

  • edited February 2020

    Rooted! Took about 8 hours total because of all the rabbit holes I went down. Don't look over the things that are in front of you.

    Great machine, I just got lost a few times

    User:
    Get TxxxUxxx and find a user hash
    Look at everything in the files. Paths are important
    Read and compile what you find.

    Root:
    Don't look over the files you see, passwords are password and exe's are useful. The file isn't empty, you need all info
    Make sure you scan a lot of port, you never know what you have missed. Txxnxx is a friend
    Look for more passwords now
    Decompile

  • edited February 2020

    Hello guys, a frustrated Windows noob here. I am on the edge of giving up (the last, maybe 6-8 hours xD). I have found the credentials for the newcomers and used them to see new information on that low port, but I am stuck here for hours with zero progress without anything new. I know that something must be in-front of in any of the shares. I am not sure about how much I can mention in a comment regarding what I tried so far, so please pm me for a hint.

    edit: Totally my fault, guys pay attention on this one. Rabbit hole #1, apparently uppercase arguments do not work when written with lowercase and usually produce all kinds of weird emotions and need for sanity checks!

    I'm finally on my way for the user.

  • Now that was a damn good box. Thank you VBScrub for the box and for your help. I have learned sooooo much on this one. Not easy but then I'm new to the game but of the boxes I've done Nest has to be bar far the best on yet. I real good scrap that gave me a bloodied nose and a fat lip but taught me a lot as well. Thank you @VbScrub

    Pilgrim23
  • Type your comment> @73pp31in said:

    So i have gotten to the hash of *.***** user. No clue what to do now. I have navigated through every share possible using s******t, navigated through the H** service running in T****T. I have not found any empty files that people are mentioning. The empty files i found seem to be differently named than the ones mentioned by others here. could someone please point me to the right direction? Ive been stuck here for hours.

    In the files you find with T******r creds there is a hint on which floor *.***** user lives. Staircase might be entirely dark for a moment, but that doesn't mean you should go back.

  • @VbScrub is right. I was also stuck on that part, I connected and did not seem to be getting anything of value, certainly wasn't able to do anything other than traverse directories, and that was fairly painful.

    If you are stuck, I would highly recommend reading through the existing comments. There are a couple extremely excellent hints that won't make any sense until you get to certain points. Re-read the comments whenever you are stuck.

    This is not a really hard machine from a technical perspective, but a very well thought out puzzle and path, very creative.

    Type your comment> @VbScrub said:

    Type your comment> @Alex1PM1 said:

    hey guys im stuck with the hqk *** from port 43** can someone help me to find the right path

    there's 26 pages of help right here. If you've read them all and still need help then you'll have to be a lot more specific about what you're stuck on rather than just saying "I'm stuck"

  • I am trying to telnet the host but I only receive the information that the connection was refused, what can I be doing wrong?

    Hack The Box

  • edited February 2020

    Type your comment> @Gh0stBl4ck said:

    I am trying to telnet the host but I only receive the information that the connection was refused, what can I be doing wrong?

    if just telnet "ip"
    then default telnet port is used
    if telnet "ip" "port"
    then connection success

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • @Ad0n said:
    I think i'll try to wrap my head around commandoVM with this machine, wish me luck boys... i think this is going to get a tad bumpy.

    goodlord, this box was smooth sailing up until the 3rd hour of release and i pretty much went down a rabbit hole that lasted until a few minutes go, definitely was chasing my tail for a while, but awesome job @vbscrub can't wait for you next box.

    user/root: over complicated the entire process thinking that i was looking for a hidden file that i couldn't find, i was convinced that i didn't know how to enumerate smb. Finally decided to throw my notes away and approach it like any other box . user and root came within an hour of each other.

  • help me,
    how to crack the hash of *.s**** and it use for L*** port 3** ?????
    Thanks in advance

  • how to decrypt empty .txt files ?

  • Type your comment> @acidbat said:

    Type your comment> @Gh0stBl4ck said:

    I am trying to telnet the host but I only receive the information that the connection was refused, what can I be doing wrong?

    if just telnet "ip"
    then default telnet port is used
    if telnet "ip" "port"
    then connection success

    I managed to connect via telnet, I will try to find out the next step.

    Thanks

    Hack The Box

  • edited February 2020

    Awesome box!! Really enjoyed it being something different then standard AD attacks.

    Everything needed to root this box is in the comments. You do not need any serious reversing, crypto, programing skills.

    Feel free to ping me for tips.

  • edited February 2020

    ok i figured out the empty file and am on to the next step. not sure what to do after "using" the new info i got from it

  • also i feel like a chump by going the windows route for the ads. would love to know the proper syntax for linux i couldnt figure out.

  • Hi all, after all of the work to get admin access to the box, i am struggling to find the location of the root.txt key. Any assistance would be appreciated

  • > @Chickenhawk007 said:
    > Hi all, after all of the work to get admin access to the box, i am struggling to find the location of the root.txt key. Any assistance would be appreciated

    Its in the same place it is in on every machine. There is a shortcut to it in the same location you found the user flag in just in case people go looking there for it, but yeah just go to the normal place.
  • @Chickenhawk007 said:
    Hi all, after all of the work to get admin access to the box, i am struggling to find the location of the root.txt key. Any assistance would be appreciated

    @VbScrub said:

    @Chickenhawk007 said:
    Hi all, after all of the work to get admin access to the box, i am struggling to find the location of the root.txt key. Any assistance would be appreciated

    Its in the same place it is in on every machine. There is a shortcut to it in the same location you found the user flag in just in case people go looking there for it, but yeah just go to the normal place.

    @VbScrub, Thx!! It was so close i just could not see the obvious.

  • CURSE YOU @VbScrub MY EYES ARE BURNING AND I STILL HAVENT FIGURED IT OUT ๐Ÿ˜ญ๐Ÿ˜ญ๐Ÿ˜ญ๐Ÿ˜ญ๐Ÿ˜ญ๐Ÿ˜ญ๐Ÿ˜ญ๐Ÿ˜ญ๐Ÿ˜ญ๐Ÿ˜ญ

  • I cannot be held responsible for any physical or mental injuries sustained while attacking this box :sweat_smile:

  • edited February 2020

    I kinda spoiled root for myself but it was a pretty good machine. I didn't think I'd learn something going into this but I actually did =)

    m3ll0

    OSCP

  • Thanks for the box. Finally learned something about reversing and had fun. :smile:
    \m/,

    Hack The Box

  • I love RE and this was an awesome box. @VbScrub congrats, this is one of the best machines I've done. For anyone who solved this the unintended way, definitely redo it.

    Derezzed

    If I help you out please send me some respect :P

  • edited February 2020

    I'm at the final mile. I've found the d*g password, accessed the high port service, run the new commands, and I know I have to download something, but I just couldn't figure how to. Nudges are much appreciated!

    Update: Many thanks to @Derezzed! Found the root flag

  • there is someone who can also help me in pm for the user
    root ... I think I'm on the right starda ... (exe binary) open with stringer
  • I've been trying to compile the script on my PC for weeks now to no avail, can someone please help me with this. I have zero knowledge of visual basic.

Sign In to comment.