Cascade

18911131421

Comments

  • Thanks for the box @VbScrub, amazing, thanks to @thammarit to give me the correct parameters for the final step.

  • edited April 2020

    Guys, got the user flag but it's not accepted by the htb platform (already know about the new rotate flag rule). I tried to reset the machine (flag still the same) and it does not work. Did someone have the same problem?

    Edit: nvm, I waited for 10 min after resetting to submit, and (finally) it was accepted.

  • Spoiler Removed

  • just rooted. Not excessively difficult box and found a brilliant tool called JetBrains dotPeek. Someone in the forums mentioned Ghidra. Have anyone managed to get the information from it?

    @VbScrub Thanks a lot mate for an interesting box, really enjoyed it.

    If my comment somehow helped you, you can show your appreciation with a Respect :)
    https://www.hackthebox.eu/home/users/profile/117977

  • I got 3rd user, How can I get the secret of the dead man? Can you PM with the help? Thank you!

    image

  • trying to wake up the dead with the right account but getting access denied , any idea ?

    Ch0p1n

  • @Ch0p1n, you don't need to wake them up...just do a little grave robbing.

    marlasthemage

  • Type your comment> @marlasthemage said:

    @Ch0p1n, you don't need to wake them up...just do a little grave robbing.

    Thank you very much , got it

    Ch0p1n

  • Hello, I am facing problem with this box.I can't connect using Evil-Winrm but with the same username and password I can connect using smbmap.
    username s.****h
    password s****2

  • Type your comment> @samirul said:

    Hello, I am facing problem with this box.I can't connect using Evil-Winrm but with the same username and password I can connect using smbmap.
    username s.****h
    password s****2

    that is not a problem, that is by design. Not all users can connect to WinRM (in the real world, only admins usually)

  • Did anyone have a problem with HTB not accepting the user.txt flag? I assume this is a bug with the new dynamic flags feature, but it's so very annoying. I raised a support ticket will see what they come back with.

    I double-checked my lab vpn connection was the same that the website thought, also that the machine hadn't just been reset. I took the flag and immediately submitted it after getting it.

    OrangeHat

  • @orangehat yep, loads of people. I sent feedback to HTB about it as well

  • Type your comment> @VbScrub said:

    @orangehat yep, loads of people. I sent feedback to HTB about it as well

    Ahh, oops sorry to spam the forum then. Was worried about seeing some spoilers, trying to do boxes hint free nowadays!

    OrangeHat

  • Rooted! Really fun machine! Thanks :)

  • Rooted.. learned a ton about windows. feel like the relationship i now have with windows just turned from pure hatred to " it's complicated :wink: "
    PM for nudges
    +respect if i helped you :) cheers!

  • Rooted, thanks to @Alpha19 ^^.

    My tired head couldn't see the end in plain sight!

    Lesson - More sleep required.

    Cheers Alpha, for the nudge.

    Going Full Caveman during isolation. No shaving any hair for the duration.

  • edited April 2020

    Hello all. Can anyone give me a tip on finding the command for the last step for root? I can see the entry for the dead guy, but can only find info on restoration, not to see the actual data. I attemped to use ld*pSea** too but couldn't pull entry either. TY!

  • Type your comment> @Ch0p1n said:

    trying to wake up the dead with the right account but getting access denied , any idea ?

    I am here also. Give me some hints. Thanks.

    image

  • Got root, finally! For me, this box introduced new areas to read up on for AD.

    Type your comment> @orangehat said:

    Did anyone have a problem with HTB not accepting the user.txt flag? I assume this is a bug with the new dynamic flags feature, but it's so very annoying. I raised a support ticket will see what they come back with.

    I double-checked my lab vpn connection was the same that the website thought, also that the machine hadn't just been reset. I took the flag and immediately submitted it after getting it.

    I had the same problem with the root flag. Resets did not work, but terminating and then starting up the machine again did. I noticed that the flag did not change between resets.

  • edited April 2020

    Type your comment> @todzhang said:

    Type your comment> @Ch0p1n said:

    trying to wake up the dead with the right account but getting access denied , any idea ?

    I am here also. Give me some hints. Thanks.

    You dont need to bring anyone back. (self promo warn) either research my Github (same name, use the branch from PR) for a .py enum script or research what Get-ADObject can return with the proper filter.

  • Type your comment> @zelensky said:

    I had the same problem with the root flag. Resets did not work, but terminating and then starting up the machine again did. I noticed that the flag did not change between resets.

    Now having the problem with root too. I reset, and stopped/started the machine, but it's the same, just get flag incorrect. Will have to try again later, don't have time for this shit right now. Maybe terminating, disconnecting, then later reconnecting and starting up a fresh machine will work.

    They should have published their code on GitHub or something before releasing it so we could review it, seems to be buggy AF.

    OrangeHat

  • yea i had the same problem with root flag, was telling me that was incorrect. after a reset and re-root it passed. so i guess as of now, writeups are dead???

    very good machine @VbScrub keep em coming :smile:

    Rayz

  • Got user. I already had admiration for @VbScrub for his previous box, but the admiration only increased. So far it's pure enjoyment. Going for root.

    t13nn3s
    You can find write-ups and walkthroughs on my personal blog: https://binsec.nl

  • @T13nn3s said:
    Got user. I already had admiration for @VbScrub for his previous box, but the admiration only increased. So far it's pure enjoyment. Going for root.

    haha thanks :)

  • Rooted!
    Finally got some time and did this box!
    Learn a couple of new things, like how to bring back the dead.

    No idea what is this Chef people talk about.

    Enough tips on this thread already, but for root you just need a couple of PS Cmdlets once you know what your last user can do.

    Hack The Box

  • @gu4r15m0 the chef is just a website that does encryption/decryption for you when given parameters like secret key and input text etc

  • Type your comment> @VbScrub said:
    > @gu4r15m0 the chef is just a website that does encryption/decryption for you when given parameters like secret key and input text etc

    Amazing!! I just found the website, gonna get a closer look. But no need for this box.
    Thanks for the box though! 👍🏼👍🏼

    Hack The Box

  • Rooted,
    Thank you @VbScrub for a fun machine.
    I finally get the references of; sometimes the dead also have secrets.

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Hi all,

    I'd appreciate a nudge with root if anyone's available for a DM?

    Thanks in advance

    <img src="https://www.hackthebox.eu/badge/team/image/2708"; alt="Hack The Box">

  • Type your comment> @Rayz said:

    yea i had the same problem with root flag, was telling me that was incorrect. after a reset and re-root it passed. so i guess as of now, writeups are dead???

    Not really dead. I see that some writeups are protected with the Administrator's NTLM hash now.

Sign In to comment.