Nest

Just finished the box - what a ride! Huge thanks to @VbScrub , this box was awesome! Really looking forward to you next boxes.
While I personally found it challenging, I can understand why this box was rated easy - once you chose the appropriate tools, everything is evenly laid out for you. The difficult part is of course knowing which tool to use :wink: But then again, that’s when this thread comes into play for grabbing hints and nudges as you need them.
Thanks to @alcatrazk and @NobodyTellsMe for helping me out when I got stuck!

Anybody else having troubles with the box periodically going down?

For those wondering how you can connect to the service using netcat, just use the -C switch. This will append a CRLF to your data exactly like Telnet does by default.

I don’t know if anybody else mentioned that trick in that giant thread, didn’t read all pages

User was a real pain but root was easy as f***

Rooted! thanks @VbScrub for the box and thanks @Xurfcha for the help , i learned a lot. Ping me if you need some help

Not the challenging part of the box im sure but im struggling to extract the ADS fron D**** M*** P*******.txt…no bueno for everything i try…

@ByteM3 said:

Not the challenging part of the box im sure but im struggling to extract the ADS fron D**** M*** P*******.txt…no bueno for everything i try…

You’re 100% right it’s not. Take some time to research it well first - then there’s a very simple way to extract it / create them in Windows. #TryHarder let your interest guide you! :smile:

Type your comment> @Deflncha said:

You’re 100% right it’s not. Take some time to research it well first - then there’s a very simple way to extract it / create them in Windows. #TryHarder let your interest guide you! :smile:

Yes, i’ve tried hard. Ive tried for about half a day reading and trying cmd line, powershell, linux, even GUI tools! But nothing!

Rooted.

Rooted.

Cool box, took me a while to get user… Had to research visual b. but when i got it, it was easy.
Root part was interesting, but not that exhausting as User. Same method and just right stuff. Got stuck on high port, but I was on the right track. just needed to think behind a little bit… After that it was fast.
Learned new tools! Thanks!
All i needed was Kali Linux and one cool tool from github

I can´t read the info in the empty file… some one can help me on PM?
I know that is an NTFS capabilitie, but even in Windows i can´t read the S****M…

There are many hints in this thread regarding this. The way you read will depend you do that on Linux or Windows. Google it.
Personally i just used s*******t on Kali.
Btw use MAN on that tool to see what you need.

For the root, i cant download the exe for reversing it : what tool should i use for ?

Managed to get root! I can definitely see why a lot of users are wanting to push this into the medium category. However, it is clear the creator does not expect anyone to be an expert at reverse engineering binaries. I was stuck for a while because I was overthinking things and examining the functions inside and out. You don’t need to do that. Honestly you only need parts of them and you can just use them without really knowing what’s going on internally. If you’ve spent a lot of time reading the code, you probably haven’t enumerated enough. PM me if you want hints towards tools or getting flags in general.

Ok sucessfully rooted. I really wonder how realistic the very last part is. Maybe someone can put this a little bit in perpective. Is the HQK Service totally miconfigured or is it quite realistic? Also i would like to know if this LDAP.exe is part of the real HQK Software or some custom add-on some imaginary Programmer wrote :smiley: Does somebody know and worked with Services like that?#

Edit: Nvm, just found out HQK ist a custom programm of the box Creator :sweat_smile:

@101001101029A said:

Ok sucessfully rooted. I really wonder how realistic the very last part is.

I think it may depend on many factors. Privileged access to an application often grants you access to things the developers think you wont have access to. Being able to analyse the application and have some useful loot the developers think is a secret is a very frequently identified security vulnerability.

Maybe someone can put this a little bit in perpective. Is the HQK Service totally miconfigured or is it quite realistic?

I am not sure why you’d think it was misconfigured. Privileged user access seemed fairly rational.

Also i would like to know if this LDAP.exe is part of the real HQK Software or some custom add-on some imaginary Programmer wrote :smiley: Does somebody know and worked with Services like that?

Is there a real HQK software package?

Got Root, very nice and funny box, hard to find the debug pass if you are not familiar with this kind of data storage. as im curious, i looked at the service and found a litte easter egg: try to type HTB on the higher port :wink:

@secure77 said:
Got Root, very nice and funny box, hard to find the debug pass if you are not familiar with this kind of data storage. as im curious, i looked at the service and found a litte easter egg: try to type HTB on the higher port :wink:

Haha I forgot about that. Glad someone found it

Have a few xml files and a b64 encoded file. where to from here?

@Wolfman000 said:

Have a few xml files and a b64 encoded file. where to from here?

Its not base64.

Got root! ■■■■ this was a tricky one for me. Learned to use some linux tools properly with this one. Without the hints in the forum I never would have found some things.
Fun box, so thanks @VbScrub !

I have some programming background, so the code things weren’t a big issue. But ■■■■ you for making me touch VB. I feel dirty now. There’s C# for a reason, you know :wink: