Cascade

Rooted!!!

Wow,what a ride @VbScrub ,that initial foothold cracked my skull for quite some time but once over it it was smooth sail until the RE step and @cyberafro and @EvilT0r13 helped me cross that bridge.
Looking back at it I can see how the machine was really straightforward and could have potentially been rated easy,I guess that RE changed that rating.A lot of hints in the initial enumeration to complete the whole box honestly,enum enum and more enum!!!
This box just added onto my now extensive experience in AD bro,interacting with the dead was a brand new concept to me completely.

Would anyone be willing to nudge on what to do with the hex info in .r** file? I am out of ideas what else to try. I got r.t user and password, looted through files and have been completely stuck for 2 days since…

@egorchel said:

Would anyone be willing to nudge on what to do with the hex info in .r** file? I am out of ideas what else to try. I got r.t user and password, looted through files and have been completely stuck for 2 days since…

Google the tool and there are a few articles on how to translate that into a real password. It’s easier on windows but can be done in Linux as far as I am aware.

Spoiler Removed

Rooted i very like this machine.
@VbScrub wait for your next one thanks for great boxes :slight_smile:

I don’t normally comment on boxes. This one actually represented the difficulty level in my opinion. As far as how real it is very real if your doing a pentest. Dumping GC and grepping for keywords is very common way of finding interesting things even if your a normal admin doing maintenance.

Kudos @VbScrub

Rooted. Thanks @VbScrub for the good box.

Hint for root: all that you need is the right param.

When I got my hands on the root, I understood what everyone’s admiration meant.
Very nice box.Thanks to @VbScrub .

got cred for a****c but not sure how to use them. Can someone give me a hint plz

i have the passwd of r.**son,and vc passwd ,but i can’t login from psexec,wmiexe,winrm…is this mean i don’t have corret auth? or other server i can login i caught not find?

##i finally make it

Hi, is anybody available to give me quick RE familiarization, please? I am totally new in the RE field. My discord Ric0#7152

I finally did it.
What a funny machine.
Had lost a lot of time with the first user at the beginning. Here you really need eagle eyes, if you do not know what you are looking for.
So I have also learned something that I should look at additionally.
After that, everything came one by one

For user and root access everything is already here.

I’m not sure why anyone needs the .reg file.

So if anyone needs a nudge, text me

rooted finally,
Foothold was easy as long you are not lazy like me and that got me stuck for a while.
root part was quite interesting and tought me something new about AD and user’s permissions. happy to give nudges if required.

I saw many hints for root is talking to the dead. Still wondering what it means :expressionless:
NVM, got what it means :smiley:
Still need the 3rd user so I can talked to the dead
Edit: got it. rooted :smile:

@x00byte said:

@VbScrub said:

@x00byte said:
Hi so i got root flag first is this an unintended method ?

Yep. Someone probably restored an object they shouldn’t have. Don’t really know why they’d do that as you only gain permissions to do that when you already have root :confused: but yeah, reset the box and try again

Well I have to do it again ?

Not necessarily. As @TazWake said, it depends on how you got there.
It is possible to get to root without ever using shell access with the “user” user :wink:

@TazWake said:

@egorchel said:

Would anyone be willing to nudge on what to do with the hex info in .r** file? I am out of ideas what else to try. I got r.t user and password, looted through files and have been completely stuck for 2 days since…

Google the tool and there are a few articles on how to translate that into a real password. It’s easier on windows but can be done in Linux as far as I am aware.

There are Python scripts that can do it for you. Funnily enough, a colleague needed that script a few weeks ago during an actual engagement :lol:

Type your comment> @Ric0 said:

Hi, is anybody available to give me quick RE familiarization, please? I am totally new in the RE field. My discord Ric0#7152

Got RE solved finally. Wasn’t too scary then I had thought :wink: Big thanks to @pch12 @critlize @cY83rR0H1t

Hey dear community, i stuck at the RE on the A**** folder. I don’t know how to proceed and how to open the .d** files correctly, can i get some help please?

Type your comment> @Ric0 said:

Type your comment> @Ric0 said:

Hi, is anybody available to give me quick RE familiarization, please? I am totally new in the RE field. My discord Ric0#7152

Got RE solved finally. Wasn’t too scary then I had thought :wink: Big thanks to @pch12 @critlize @cY83rR0H1t

You welcome ?

Is there any problem with root flag submission? I tired several times incl machine reset but still incorrect.

Type your comment> @Ric0 said:

Is there any problem with root flag submission? I tried several times incl machine reset but still incorrect.

I think the flag is changing. when some is resetting the machine.