Cascade

@PrivacyMonk3y said:

I’m guessing you have to RE this new share file but having trouble loading it in Olly and no clue how to use ghidra… right path?

Use an epic JetBrains tool :wink: (It’s .NET bro, it’s almost like if the tool was open source lol)

Just wasted an hour because I’m bad at PowerShell Syntax >.<

Just wasted many hours because I’m bad at Pentesting… stuck on RE of CA*.**e
Is that the way for root?

What a lovely machine @VbScrub , not a difficult journey yet interesting.

General Hints:

  • Enumeration, all the way (Obviously!), mostly manual, except for the foothold. Read carefully, don’t skip a line.
  • You need if a service doesn’t let you in, check another.
  • Not sure what the cLP** is that people mentioned here! (DM me to know if it’s another path).
  • Collect any password or hash or key, you will use that later.
  • If there is any reversing, don’t panic, it is easy, just think logically, fill in the blanks!
  • Lastly, you don’t have to bring the dead to life, just ask about them.

If you need a nudge please tell me where you’re at, no general questions.

Found some interesting info in the RE but can’t seem to use it.
(#4#c###k#y######)

Bit lost in the RE, any push would be appreciated!

Rooted!
Hats off to you @VbScrub ! This was an amazingly well put together box. Definitely learned some new stuff while not being too frustratingly hard.

A Great Box !
Thank you @VbScrub

@xolan said:

Amazing box @VbScrub As someone who is notoriously garbage with windows, I learned a bunch of new stuff with this box!

user: really nothing to say but just enumerate more and read everything, later on a windows vm helped me a lot to get a steamy recipe for the chef.

root: there have been plenty of good hints in the thread, main one being that you don’t necessarily need to be a necromancer to get the secrets of the dead.

PM me for hints but if you’re in the initial steps my reply will be just enumerate more

It’s been said more than once, but this is great advice. A Windows VM will likely make life easier for you at the second to last hurdle. I cruised very quickly to the user flag and then lost a day trying to get the root flag while using only Kali. I’m sure you can do it all on Kali, but Windows might make things go faster. Finally rooted :smile:

Thanks @VbScrub ! I really enjoyed it.

Thanks to @salt for giving me that useful hint for the last step of the initial foothold (really don’t know why I overthink that hex), anyway. Really cool box, enjoyed the manual enumeration and I can confirm that a Windows VM is not necessary: with the evil friend and a useful Windows built-in module you can get it.

More Hints

User

  • Sometimes a person can hide things
  • It is not a simple encoding

Root

  • Maybe the famous spy can help you
  • Tomb Raider

Hope not giving too many hints, remove the post if it is

I am having a really hard time getting access to ac user from ssh. I feel like it has something to do with the A***t.db file but cannot seem to find anything of importance. I am pretty sure I know what to do to get root afterwards but really struggling with this third user credential info. Any tips would be really appreciated, currently feeling kinda stupid based off how easy everyone else is claiming it to be.

EDIT: I think I understand now.

Finally Rooted.

User

  • Enumerate all the services which you might usually leave out, because generally they don’t give out much information. However, in this case there is some information that will give you access to enumerate further. Keep enumerating till you’ve exhausted all the files accessible on the system. Keep a close eye on the files, always search for juicy keywords, don’t just eyeball, you are bound to miss something important (like me).

Root

  • Dead people do have hidden secrets which can be extracted without black magic.

Please reach out on discord for help: jtnydv#5773

Thanks.

PS: Report if revealed too much.

Woot woot… that was a wild ride man.
Great box… it sucked my soul in for two days.
Thanks for the tips from @salt and others!

Now to get it to take muh hash!

This machine is really a professional one, I think this is not orange…
I think this is orange++ or red-.

no hints on user, too many nudges were given in this forum.

root:
don’t forget to re-enum (always!) with each credentials you found;
RE is really simple, move like Neo and go toward where all things begin.
There’s something that was deleted, message is clear: then become the right user and look for DETAILS without trying to recover it.

I want to say a thing to @VbScrub , this machine, with your prior one, are really fluent, you are giving a way to a lot of us, to study new information and to get new knowledge that is worthy of contemplation

Really great respect, cheers from a destroyed Italy and sorry for my trouble English

foxlox

Is the reg file a rabbit hole?..cuz I’m not able to decode it

@spowlay said:

Is the reg file a rabbit hole?..cuz I’m not able to decode it

Nope, try harder

@spowlay said:

Is the reg file a rabbit hole?..cuz I’m not able to decode it

It is not a rabbit hole. You need to find different tools.

This box is awesome! Really professional and quite real life I would say. I love that it has components that test multiple skills. Also keeping track of information you find throughout the entire pentest is included in a good way.
Good work, keep it up @VbScrub !

Rooted great box…
For the foothold I was too much focused on the field name that was mentioned in one of the Videos. I wasted some time with that, but it is totally my own fault (assumption is the mother of …). In the end I used a tool in Windows. I wonder if it can be done in Kali. I still try to find out. Thanks @VbScrub !

Found a PowerShell command that can be run on the host. So the Windows tool is not needed!

Rooted !
Cool Box ! Kudos to the creator @VbScrub !