Cascade

Type your comment> @xboxfreak54 said:

…Is this supposed to happen or is there something wrong on my end? …
The fact that you can connect but can’t list shares simply means you don’t have the permission to.

had to reset box to get new flag for user (first one invalid), is that something new?

Fun box, thank you

Edit: Wow getting spammed with requests for hints. Maybe in a week, not first day :slight_smile:

Type your comment

Found a large list of users but can’t seem to find any passwords, can someone give me a small nudge.

Ok my Windows skills are really lacking obviously … Need a little push in the right direction. Already have mr T’s password and some stuff from S** . None of it seems too interesting, can’t login with the evil one. Any hints ?

thanks @VbScrub, nice box. Teaches you a thing or 2 about the value of documenting during the enumeration process. I also liked the chaining aspect of this box.

Type your comment> @illwill said:

had to reset box to get new flag for user (first one invalid), is that something new?

Yeah htb introduced dynamic flags recently

thanks @b3nn for the nudge and @VbScrub for such an awesome box! :smile:

Just got user… make sure your enum is on point. Blink and you might miss it!

Rooted :slight_smile:

Very fun box, learned a couple of things along the way!

Hints for User: Like I saw someone sometime in HTB write: Enum, Enum and Enum. If you think you’re lost then you didn’t enum enough.

Hint for Root: After your first sidestep, it’s a nice leaf you landed on. Maybe there are other leafs? Maybe they fell already? (Sorry for cryptic text but I honestly don’t know how to put it otherwise haha).

Feel free to PM me if you have any questions :slight_smile:

EDIT: lol got a lot of messages. HTB kinda blocked me for some time so answers will be delayed, but honestly the hints I left should be more than enough for a foothold, root might be more tricky.

Rooted. Thanks @VbScrub, good box and I learned something new on priv esc. For root pay attention to who you are. A resurrection is not required at the final hurdle.

Type your comment> @sm4sh0ps said:

Rooted. Thanks @VbScrub, good box and I learned something new on priv esc. For root pay attention to who you are. A resurrection is not required at the final hurdle.

yeah I did originally want to have you go through with that final part, but it wouldn’t work with multiple people attacking the box

Anyone getting this error trying to list SMB shares?

smb1cli_req_writev_submit: called for dialect[SMB2_10] server[10.10.10.182]
Error returning browse list: NT_STATUS_REVISION_MISMATCH

Got user, root is really being a pain for me tho…

AND root is done aswell. Really nice box @VbScrub

got the usernames… stuck on how to get the password… any nudge. kindly Pm me

rooted, i really enjoyed box thanks @VbScrub for this box. pm for nuggets

rooted. Thank you @VbScrub for this great box.

User: enum and enum between 2 ports back and forth. Find a needle in haystack.
Root:

  • Inspect the second user. Find what he will do when we wakes up.
  • For the third user, using a Windows machine and the chef may be a shortcut.
  • The third user can retrieve a secret from the dead.

Thx for this box bro! @VbScrub
I really loved it!
keep them coming.

I’ve got the users list. Any nudge on how to get the passwords, I’ve tried several tools since yesterday and haven’t made any progress. Cheers.