Cascade

Woohoo. Rooted! Thanks @b3nn and @moszkva for the nudges. Thanks @VbScrub for a great box. Your boxes are great AD practice.
General hint for this box: Screw your automated scripts. This needs you to think through the data you’re looking at
DM for nudges.

@anuragd said:
General hint for this box: Screw your automated scripts. This needs you to think through the data you’re looking at

Thanks, that’s exactly what I was going for :slight_smile:

Very nice box, VbScrub! Learned something new here. Not all data sources are equal, even tho if they appear to be! Windows is weird!

got user.txt but HTB keep saying it’s invalid lol ?

Type your comment> @sazouki said:

got user.txt but HTB keep saying it’s invalid lol ?

Type your comment> @VbScrub said:

Type your comment> @sazouki said:

got user.txt but HTB keep saying it’s invalid lol ?

HTB News | Integrity of Hack The Box

yeah got it & rooted thanks for this machine

@VbScrub said:

@sazouki said:
got user.txt but HTB keep saying it’s invalid lol ?

HTB News | Integrity of Hack The Box

This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn’t see anything related in the shoutbox).
Now, even after resetting the machine, the hash is the same and invalid :confused:

Thx for the box! @VbScrub ! Enjoyed a lot doing it

t> @HomeSen said:

@VbScrub said:

@sazouki said:
got user.txt but HTB keep saying it’s invalid lol ?

HTB News | Integrity of Hack The Box

This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn’t see anything related in the shoutbox).
Now, even after resetting the machine, the hash is the same and invalid :confused:

Then maybe that’s not the hash?

You mean user.txt?

If so that’s super weird and I’d suggest to contact HTB about that.

@l0w said:

@HomeSen said:

@VbScrub said:

@sazouki said:
got user.txt but HTB keep saying it’s invalid lol ?

HTB News | Integrity of Hack The Box

This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn’t see anything related in the shoutbox).
Now, even after resetting the machine, the hash is the same and invalid :confused:

Then maybe that’s not the hash?

You mean user.txt?

If so that’s super weird and I’d suggest to contact HTB about that.

After yet another reset, a new hash was generated and it actually worked.

Also, finally rooted the machine.
Thank you @VbScrub for that machine. Really enjoyed it. Especially the part having to use “standard service tools” to get the information that one seeks :slight_smile:

Really fun box, I enjoyed it and I learned new stuffs about LDAP
Thank you @VbScrub

I have read the massive output of e4*x several times, line by line, but no password found. Am I looking on the right place?

@roelvb said:
I have read the massive output of e4*x several times, line by line, but no password found. Am I looking on the right place?

The information you seek is not there.
I’d suggest switching to more traditional enumeration tools :wink:

Type your comment> @roelvb said:

I have read the massive output of e4*x several times, line by line, but no password found. Am I looking on the right place?

try harder

Type your comment> @sm4sh0ps said:

Type your comment> @roelvb said:

I have read the massive output of e4*x several times, line by line, but no password found. Am I looking on the right place?

try harder

Thanks, great advise ?

Learned five things from this box, great box! Thanks to @VbScrub !

USER

Thorough enumeration is the key and last but not least some googling if spider sense starts tingling.

ROOT

Try to peek inside. Learn who you are. Try to relate with something you gathered if Monster Reborn magic card unavailable (if can’t relate do some readings).

  • Scripts not gonna work, this box gonna hone your enumeration skill. Good practice.

Fun box overall. The storage method of the very first and very last password were a bit unrealistic to me but sometimes that’s needed for the learning experience.

User was challenging @VbScrub, def taught me a valuable lesson at saving everything for second, and third look overs.

Now, off to find root.

Find KryptSec @ KryptSec

I got root.

PM if you need help.

@VbScrub Dude, I liked your last box, but I LOVED this box. It was kind of a love-hate relationship, but by the end it was actually fun and I learned a TON! I look forward to the other boxes you have queued up.

Normally I come for tons of clues, but I think this one gave enough clues to every step to keep moving. Prost and Cheers!