Cascade

Rooted! Really fun machine! Thanks :slight_smile:

Rooted… learned a ton about Windows. Feel like the relationship I now have with Windows just turned from pure hatred to "it’s complicated :wink:"
PM for nudges
+respect if I helped you :slight_smile: cheers!

Rooted, thanks to @Alpha19 ^^.

My tired head couldn’t see the end in plain sight!

Lesson - More sleep required.

Cheers Alpha, for the nudge.

Hello all. Can anyone give me a tip on finding the command for the last step for root? I can see the entry for the dead guy, but can only find info on restoration, not to see the actual data. I attempted to use ld*pSea** too but couldn’t pull the entry either. TY!

@Ch0p1n said:

trying to wake up the dead with the right account but getting access denied, any idea?

I am here also. Give me some hints. Thanks.

Got root, finally! For me, this box introduced new areas to read up on for AD.

@orangehat said:

Did anyone have a problem with HTB not accepting the user.txt flag? I assume this is a bug with the new dynamic flags feature, but it’s so very annoying. I raised a support ticket, will see what they come back with.

I double-checked my lab VPN connection was the same that the website thought, also that the machine hadn’t just been reset. I took the flag and immediately submitted it after getting it.

I had the same problem with the root flag. Resets did not work, but terminating and then starting up the machine again did. I noticed that the flag did not change between resets.

@todzhang said:

@Ch0p1n said:

trying to wake up the dead with the right account but getting access denied, any idea?

I am here also. Give me some hints. Thanks.

You don’t need to bring anyone back. (self promo warn) Either research my GitHub (same name, use the branch from PR) for a .py enum script or research what Get-ADObject can return with the proper filter.

@zelensky said:

I had the same problem with the root flag. Resets did not work, but terminating and then starting up the machine again did. I noticed that the flag did not change between resets.

Now having the problem with root too. I reset, and stopped/started the machine, but it’s the same, just get flag incorrect. Will have to try again later, don’t have time for this ■■■■ right now. Maybe terminating, disconnecting, then later reconnecting and starting up a fresh machine will work.

They should have published their code on GitHub or something before releasing it so we could review it, seems to be buggy AF.

Yea, I had the same problem with root flag, was telling me that was incorrect. After a reset and re-root it passed. So I guess as of now, writeups are dead???

very good machine @VbScrub keep em coming :smile:

Got user. I already had admiration for @VbScrub for his previous box, but the admiration only increased. So far it’s pure enjoyment. Going for root.

@T13nn3s said:
Got user. I already had admiration for @VbScrub for his previous box, but the admiration only increased. So far it’s pure enjoyment. Going for root.

haha thanks :slight_smile:

Rooted!
Finally got some time and did this box!
Learned a couple of new things, like how to bring back the dead.

No idea what this Chef people talk about is.

Enough tips on this thread already, but for root you just need a couple of PS Cmdlets once you know what your last user can do.

@gu4r15m0 the chef is just a website that does encryption/decryption for you when given parameters like secret key and input text etc

@VbScrub said:

@gu4r15m0 the chef is just a website that does encryption/decryption for you when given parameters like secret key and input text etc

Amazing!! I just found the website, gonna get a closer look. But no need for this box.
Thanks for the box though! ???

Rooted,
Thank you @VbScrub for a fun machine.
I finally get the references: sometimes the dead also have secrets.

Hi all,

I’d appreciate a nudge with root if anyone’s available for a DM?

Thanks in advance

@Rayz said:

Yea, I had the same problem with root flag, was telling me that was incorrect. After a reset and re-root it passed. So I guess as of now, writeups are dead???

Not really dead. I see that some writeups are protected with the Administrator’s NTLM hash now.

That box was a hoot! Nice one @VbScrub

really nice box :slight_smile: thanks @VbScrub

Rooted. Another great machine @VbScrub.

If anyone needs any hints feel free to reach out.