Nest

Type your comment> @TazWake said:

@alicemacs said:

I don’t have the file. So, I have to the file, right?

You have to have the file s, yes.

I think I only get the file with lower port. I carefully seek the file. However, I haven’t found it. Can I give me more hint…

Type your comment> @alicemacs said:

Type your comment> @TazWake said:

@alicemacs said:

I don’t have the file. So, I have to the file, right?

You have to have the file s, yes.

I think I only get the file with lower port. I carefully seek the file. However, I haven’t found it. Can I give me more hint…

Sorry, I found the directory! I think I can’t access the directory…Thanks a lot!!!

@alicemacs said:

Sorry, I found the directory! I think I can’t access the directory…Thanks a lot!!!

There is a folder you may think you cant access because you cant access its parent folder. But you can access the folder.

Now , I try getting root. I found the decrypt algorithm. However, I can’t find ciphertext. I thinks a empty file is ciphertext. However, the file is 0 byte…

This thread is like groundhog day :lol: come on guys, at least read the last few pages before asking the exact same question that’s been answered loads of times before. If you need more specific help, PM someone.

@alicemacs said:

Now , I try getting root. I found the decrypt algorithm. However, I can’t find ciphertext. I thinks a empty file is ciphertext. However, the file is 0 byte…

The empty file isnt ciphertext. Scroll up a few questions and its discussed quite a bit.

I got a root.txt!!!
I learned a couple of tips on Windows.
I appreciate @TazWake help.

Finally! What a challenge that was :smile:

Huge shout out to @VbScrub for the fun box!

Props to @n00py whose hint got me over the last hurdle.

Thanks to both! :wink:

Completed start to finish on Kali alone. There are ways.

FYI, for those who used dotnetfiddle.net. You might want to make sure your repo is private. Stumbled across someone’s code while Google-FUing the ru_****.x and found the user’s password in plain text. Made for an easy user flag but it’s kinda disappointing that I didn’t get to do the last step or two for user by myself.

I connected to the machine via telnet from 4**6 port, only LIST and SETDIR commands are working. i don’t know what to sleep i’m not good on windows machines …

@Tatik said:

I connected to the machine via telnet from 4**6 port, only LIST and SETDIR commands are working. i don’t know what to sleep i’m not good on windows machines …

I know its off-putting but read through the previous threads. This has been asked a lot of times and literally everything you need to know is on the previous pages.

Start with the other port. If you use windows as your normal day to day machine, enumeration should be fairly simple.

I read but couldn’t find what I was looking for.
I found user.txt and got stuck in root

@Tatik said:

I read but couldn’t find what I was looking for.
I found user.txt and got stuck in root

Ok, if you have the user, then you need to look hard and find the thing you need to make the other port useable.

Okay, my first ever try on pentesting and I really enjoyed it.
It was a tough one and here is what I think:
++ I was stuck at first point of finding t****r password but I found out that I was not using correct syxtax (Being from windows background), so first challenger was for me to learn the syntax and get used to linux command line
++ I was familiar with windows streams however I struggled to open them in linux so had to transfer them to windows box and then get info out of them.
++ compiling the VB code was easy enough for me as I had previous knowledge of VB for both user and root part.

massive thanks to @VbScrub and @TazWake for their pointers.
Off to the next box.

Rooted !

Thank you very much to @TazWake and @disastrpc.

Woow, The Machine Is Not Easy!

Type your comment> @VbScrub said:

This thread is like groundhog day :lol: come on guys, at least read the last few pages before asking the exact same question that’s been answered loads of times before. If you need more specific help, PM someone.

speaking of groundhogs day, i see that your next machine has been accepted any idea of what it is suppose to replace and when that’s going to be?

@Ad0n I don’t know what it will replace but I was told it will be released before the end of this month

Rooted,
I have mixed feelings about this machine. Too CTF-like for me. I liked the VB Part since I used that for some projects years ago. The rest, not so much.
Some methods are so old it should not be allowed to be used anymore, therefor this machine has little to none real-life vectors. This is more a puzzle box imho.
Luckily I had VS and a windows VM ready to go, I would advise to use that otherwise you will be installing tools for some time. I know you can do it in linux but it’s a pain.

for root: do the .exe last, spend so much time reversing the vb, it gives errors when you don’t have the right hash. The things you need from it only works when you have the hidden file used.

Hope I didn’t spoil to much.

Hi All,

could anyone help me on root access, I found the admin hash and exe file, what is the best software to analyse the file to modify the source code and decrypt the password.

Type your comment> @kan3k1 said:

Hey I am having issues on the last step.
I managed to get H* L* .exe, the empty file and H* _C* _B* .xml, but when trying to run it with mono:

“Please ensure the optional database import module is installed”

I am using Linux probably that’s why I am having so much issues with running the exe

Did you ever get an answer on this?