Nest

13133353637

Comments

  • Type your comment> @VbScrub said:

    Type your comment> @GokuBlackSSR said:

    I was able to get and UNC path point to an database file somewhere i think, and if i run the exe in Windows he asks for this database file... i am right? :smiley:

    you don't need to run the executable, just look inside it

    Sorry i explained myself badly, i look inside it exe, and i get this info "UNC path with that database file".

    need to locate this database and more info

  • @GokuBlackSSR said:

    need to locate this database and more info

    Is this for user or root? I don't think you need to find a database for either but what you need to look for varies.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • CSNCSN
    edited March 31

    C̶a̶n̶ ̶a̶n̶y̶o̶n̶e̶ ̶g̶i̶v̶e̶ ̶m̶e̶ ̶a̶ ̶n̶u̶d̶g̶e̶ ̶o̶n̶ ̶t̶h̶i̶s̶?̶ ̶I̶ ̶h̶a̶v̶e̶ ̶t̶h̶e̶ ̶c̶o̶n̶t̶e̶n̶t̶s̶ ̶f̶r̶o̶m̶ ̶t̶h̶e̶ ̶"̶e̶m̶p̶t̶y̶"̶ ̶f̶i̶l̶e̶ ̶a̶n̶d̶ ̶I̶ ̶a̶m̶ ̶u̶s̶i̶n̶g̶ ̶t̶̶̶̶̶̶t̶ ̶o̶n̶ ̶t̶h̶e̶ ̶h̶i̶g̶h̶ ̶p̶o̶r̶t̶ ̶a̶n̶d̶ ̶I̶ ̶f̶o̶u̶n̶d̶ ̶s̶o̶m̶e̶ ̶i̶n̶t̶e̶r̶e̶s̶t̶i̶n̶g̶ ̶f̶i̶l̶e̶s̶.̶ ̶F̶o̶u̶n̶d̶ ̶t̶h̶e̶ ̶.̶c̶̶̶̶ ̶f̶i̶l̶e̶ ̶w̶i̶t̶h̶ ̶t̶h̶e̶ ̶h̶a̶s̶h̶ ̶a̶n̶d̶ ̶t̶h̶e̶ ̶H̶̶̶̶̶*̶P̶.̶e̶x̶e̶ ̶f̶i̶l̶e̶ ̶a̶s̶ ̶w̶e̶l̶l̶,̶ ̶p̶r̶o̶b̶l̶e̶m̶ ̶i̶s̶ ̶I̶ ̶h̶a̶v̶e̶ ̶n̶o̶ ̶c̶l̶u̶e̶ ̶h̶o̶w̶ ̶t̶o̶ ̶d̶o̶w̶n̶l̶o̶a̶d̶ ̶t̶h̶e̶ ̶.̶e̶x̶e̶ ̶f̶i̶l̶e̶,̶ ̶b̶e̶c̶a̶u̶s̶e̶ ̶t̶h̶e̶r̶e̶ ̶o̶n̶l̶y̶ ̶s̶e̶e̶m̶s̶ ̶t̶o̶ ̶b̶e̶ ̶a̶ ̶s̶h̶o̶r̶t̶l̶i̶s̶t̶ ̶o̶f̶ ̶c̶o̶m̶m̶a̶n̶d̶s̶ ̶I̶ ̶c̶a̶n̶ ̶r̶u̶n̶.̶ ̶D̶o̶ ̶i̶ ̶n̶e̶e̶d̶ ̶t̶o̶ ̶u̶s̶e̶ ̶a̶ ̶d̶i̶f̶f̶e̶r̶e̶n̶t̶ ̶t̶o̶o̶l̶ ̶h̶e̶r̶e̶ ̶o̶r̶ ̶?̶

    Nvm - I see I have the file already.

  • Hi

    So, I already get the D****M***P****.txt file and reversed the .exe. I'm trying to read the hidden content of the file changing the data s****m but don't worked. I'm getting the wrong way here or i just missing something?

    First Time commenting, Thx for the help in advance.

  • for people using trashy online compilers for linux: Note the .NET core CLI is open sourced and installable on Linux. I didn't know at first and really struggled to get that working (didn't want to wait all day to install Visual Studio), but now I learned I can just build .NET projects on Linux. Neat!

  • @BissoRM said:

    Hi

    So, I already get the D****M***P****.txt file and reversed the .exe. I'm trying to read the hidden content of the file changing the data s****m but don't worked. I'm getting the wrong way here or i just missing something?

    First Time commenting, Thx for the help in advance.

    If you google the tool and the way the data is stored, there is an article on SuperUser.com which answers this for you.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited March 31

    Thanks for the Box. 2-9- Bytes later. Who needs Windows ha!

    Arrexel

  • I managed to get the content of the important file for root. But I dont understand why my Method worked. If someone can PM me I would appreciate it a lot! :)

  • Type your comment> @HackingFish said:

    I managed to get the content of the important file for root. But I dont understand why my Method worked. If someone can PM me I would appreciate it a lot! :)

    And I dont know what to do with the .exe. Help plz

  • SMBClient shows "NT_STATUS_CONNECTION_RESET" and "Error NT_STATUS_IO_TIMEOUT" errors. Is that normal? or is it due to network issues?

  • @username2020 said:

    SMBClient shows "NT_STATUS_CONNECTION_RESET" and "Error NT_STATUS_IO_TIMEOUT" errors. Is that normal? or is it due to network issues?

    I think it implies something isn't working. It could be that you've requested a share which doesn't exist or you dont have access to, or made a request in a manner it doesn't understand, or there is connectivity problems.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Just finished the box - what a ride! Huge thanks to @VbScrub , this box was awesome! Really looking forward to you next boxes.
    While I personally found it challenging, I can understand why this box was rated easy - once you chose the appropriate tools, everything is evenly laid out for you. The difficult part is of course knowing which tool to use ;) But then again, that's when this thread comes into play for grabbing hints and nudges as you need them.
    Thanks to @alcatrazk and @NobodyTellsMe for helping me out when I got stuck!

  • Anybody else having troubles with the box periodically going down?

  • edited April 3

    For those wondering how you can connect to the service using netcat, just use the -C switch. This will append a CRLF to your data exactly like Telnet does by default.

    I don't know if anybody else mentioned that trick in that giant thread, didn't read all pages

    User was a real pain but root was easy as f***

    OSCP, OSWP, GCIH, CEH, Security+, VHL Advanced+

    https://www.phrozen.io/

    Hack The Box

  • edited April 3

    Rooted! thanks @VbScrub for the box and thanks @Xurfcha for the help , i learned a lot. Ping me if you need some help

  • Not the challenging part of the box im sure but im struggling to extract the ADS fron D**** M*** P*******.txt.......no bueno for everything i try...

  • edited April 4
    @ByteM3 said:

    Not the challenging part of the box im sure but im struggling to extract the ADS fron D**** M*** P*******.txt.......no bueno for everything i try...

    You're 100% right it's not. Take some time to research it well first - then there's a very simple way to extract it / create them in Windows. #TryHarder let your interest guide you! :smile:

    -- Deflncha --

    woo Ah
    ~(^з^)-♡

  • Type your comment> @Deflncha said:

    You're 100% right it's not. Take some time to research it well first - then there's a very simple way to extract it / create them in Windows. #TryHarder let your interest guide you! :smile:

    Yes, i've tried hard. Ive tried for about half a day reading and trying cmd line, powershell, linux, even GUI tools! But nothing!

  • Rooted.

    HTB{HappyHacking}

  • edited April 5

    Rooted.

    Cool box, took me a while to get user... Had to research visual b. but when i got it, it was easy.
    Root part was interesting, but not that exhausting as User. Same method and just right stuff. Got stuck on high port, but I was on the right track. just needed to think behind a little bit.. After that it was fast.
    Learned new tools! Thanks!
    All i needed was Kali Linux and one cool tool from github

  • I can´t read the info in the empty file... some one can help me on PM?
    I know that is an NTFS capabilitie, but even in Windows i can´t read the S****M....

  • There are many hints in this thread regarding this. The way you read will depend you do that on Linux or Windows. Google it.
    Personally i just used s*******t on Kali.
    Btw use MAN on that tool to see what you need.

  • For the root, i cant download the exe for reversing it : what tool should i use for ?

    Arrexel

  • Managed to get root! I can definitely see why a lot of users are wanting to push this into the medium category. However, it is clear the creator does not expect anyone to be an expert at reverse engineering binaries. I was stuck for a while because I was overthinking things and examining the functions inside and out. You don't need to do that. Honestly you only need parts of them and you can just use them without really knowing what's going on internally. If you've spent a lot of time reading the code, you probably haven't enumerated enough. PM me if you want hints towards tools or getting flags in general.

  • edited April 8

    Ok sucessfully rooted. I really wonder how realistic the very last part is. Maybe someone can put this a little bit in perpective. Is the HQK Service totally miconfigured or is it quite realistic? Also i would like to know if this LDAP.exe is part of the real HQK Software or some custom add-on some imaginary Programmer wrote :D Does somebody know and worked with Services like that?#

    Edit: Nvm, just found out HQK ist a custom programm of the box Creator :sweat_smile:

  • @101001101029A said:

    Ok sucessfully rooted. I really wonder how realistic the very last part is.

    I think it may depend on many factors. Privileged access to an application often grants you access to things the developers think you wont have access to. Being able to analyse the application and have some useful loot the developers think is a secret is a very frequently identified security vulnerability.

    Maybe someone can put this a little bit in perpective. Is the HQK Service totally miconfigured or is it quite realistic?

    I am not sure why you'd think it was misconfigured. Privileged user access seemed fairly rational.

    Also i would like to know if this LDAP.exe is part of the real HQK Software or some custom add-on some imaginary Programmer wrote :D Does somebody know and worked with Services like that?

    Is there a real HQK software package?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Got Root, very nice and funny box, hard to find the debug pass if you are not familiar with this kind of data storage. as im curious, i looked at the service and found a litte easter egg: try to type HTB on the higher port ;)

  • @secure77 said:
    Got Root, very nice and funny box, hard to find the debug pass if you are not familiar with this kind of data storage. as im curious, i looked at the service and found a litte easter egg: try to type HTB on the higher port ;)

    Haha I forgot about that. Glad someone found it

  • Have a few xml files and a b64 encoded file. where to from here?

  • @Wolfman000 said:

    Have a few xml files and a b64 encoded file. where to from here?

    Its not base64.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

Sign In to comment.