Cascade

Thanks @VbScrub for this machine. Nicely done !

The hints of @clubby789 and @moszkva should be enough to not spoil anything.
PM if you need more help.

There is soooo much data to parse for initial foothold. My only lead at this point cLP**? Am I going the right way?

Type your comment> @anuragd said:

There is soooo much data to parse for initial foothold. My only lead at this point cLP**? Am I going the right way?

and yet its still only about 1% of the data you’d have to look at in a real world attack :wink:

But yes, you’re on the right track. In fact you pretty much have finished the track

Got User and new creds.
I think I should get something “back” buf if I’m right then the PS Cmdlet is not working

Any hints?

Type your comment> @VbScrub said:

Type your comment> @anuragd said:

There is soooo much data to parse for initial foothold. My only lead at this point cLP**? Am I going the right way?

and yet its still only about 1% of the data you’d have to look at in a real world attack :wink:

But yes, you’re on the right track. In fact you pretty much have finished the track

I guess that is true. I have to thank you for that moment when I finally saw that field though. It was gratifying.

Rooted! Thx @VbScrub ! Great Fun. Learn something new for the root. And spent way too much time having the wrong logic!

User: Enum, Enum, Enum!
Root: The Chef can make it easier! Maybe you dont have to bring dead people to life to learn more about them… if it make sense… :slight_smile:

Anyone else having trouble submitting user flag? HTB is saying incorrect flag and it definitely is the right flag lol

Edit: Reset the box and new flag appeared. disregard.

Didn’t find any interesting things other than the bunch of users.
Any hints?

Thanks @gverre for the nudge and @VbScrub for the fun box.
There are some similarities to nest on the path to root which I completely overlooked.

any nudges on how to use the user creds for an actual foothold?

Type your comment> @anuragd said:

any nudges on how to use the user creds for an actual foothold?
if that’s the first user you found, then you’d need to do more enumeration using what you’ve just got.

Hmm…can ping the box and get a response back but nmap shows as host down…anybody else run into this?

Is anyone having problems listing the shares using smbmap and smbclient? I can connect to know shares such as SYSVOL or IPC$ with a null session ( just to test if it is working and are usually there by default ) but when trying to list all the shares I get errors such as “SMB1 disabled – no workgroup available”. Is this supposed to happen or is there something wrong on my end? Or is this completely unnecessary to get user?

Type your comment> @xboxfreak54 said:

…Is this supposed to happen or is there something wrong on my end? …
The fact that you can connect but can’t list shares simply means you don’t have the permission to.

had to reset box to get new flag for user (first one invalid), is that something new?

Fun box, thank you

Edit: Wow getting spammed with requests for hints. Maybe in a week, not first day :slight_smile:

Type your comment

Found a large list of users but can’t seem to find any passwords, can someone give me a small nudge.

Ok my Windows skills are really lacking obviously … Need a little push in the right direction. Already have mr T’s password and some stuff from S** . None of it seems too interesting, can’t login with the evil one. Any hints ?

thanks @VbScrub, nice box. Teaches you a thing or 2 about the value of documenting during the enumeration process. I also liked the chaining aspect of this box.