Nest

@ByteM3 said:

Not the challenging part of the box im sure but im struggling to extract the ADS fron D**** M*** P*******.txt…no bueno for everything i try…

You’re 100% right it’s not. Take some time to research it well first - then there’s a very simple way to extract it / create them in Windows. #TryHarder let your interest guide you! :smile:

Type your comment> @Deflncha said:

You’re 100% right it’s not. Take some time to research it well first - then there’s a very simple way to extract it / create them in Windows. #TryHarder let your interest guide you! :smile:

Yes, i’ve tried hard. Ive tried for about half a day reading and trying cmd line, powershell, linux, even GUI tools! But nothing!

Rooted.

Rooted.

Cool box, took me a while to get user… Had to research visual b. but when i got it, it was easy.
Root part was interesting, but not that exhausting as User. Same method and just right stuff. Got stuck on high port, but I was on the right track. just needed to think behind a little bit… After that it was fast.
Learned new tools! Thanks!
All i needed was Kali Linux and one cool tool from github

I can´t read the info in the empty file… some one can help me on PM?
I know that is an NTFS capabilitie, but even in Windows i can´t read the S****M…

There are many hints in this thread regarding this. The way you read will depend you do that on Linux or Windows. Google it.
Personally i just used s*******t on Kali.
Btw use MAN on that tool to see what you need.

For the root, i cant download the exe for reversing it : what tool should i use for ?

Managed to get root! I can definitely see why a lot of users are wanting to push this into the medium category. However, it is clear the creator does not expect anyone to be an expert at reverse engineering binaries. I was stuck for a while because I was overthinking things and examining the functions inside and out. You don’t need to do that. Honestly you only need parts of them and you can just use them without really knowing what’s going on internally. If you’ve spent a lot of time reading the code, you probably haven’t enumerated enough. PM me if you want hints towards tools or getting flags in general.

Ok sucessfully rooted. I really wonder how realistic the very last part is. Maybe someone can put this a little bit in perpective. Is the HQK Service totally miconfigured or is it quite realistic? Also i would like to know if this LDAP.exe is part of the real HQK Software or some custom add-on some imaginary Programmer wrote :smiley: Does somebody know and worked with Services like that?#

Edit: Nvm, just found out HQK ist a custom programm of the box Creator :sweat_smile:

@101001101029A said:

Ok sucessfully rooted. I really wonder how realistic the very last part is.

I think it may depend on many factors. Privileged access to an application often grants you access to things the developers think you wont have access to. Being able to analyse the application and have some useful loot the developers think is a secret is a very frequently identified security vulnerability.

Maybe someone can put this a little bit in perpective. Is the HQK Service totally miconfigured or is it quite realistic?

I am not sure why you’d think it was misconfigured. Privileged user access seemed fairly rational.

Also i would like to know if this LDAP.exe is part of the real HQK Software or some custom add-on some imaginary Programmer wrote :smiley: Does somebody know and worked with Services like that?

Is there a real HQK software package?

Got Root, very nice and funny box, hard to find the debug pass if you are not familiar with this kind of data storage. as im curious, i looked at the service and found a litte easter egg: try to type HTB on the higher port :wink:

@secure77 said:
Got Root, very nice and funny box, hard to find the debug pass if you are not familiar with this kind of data storage. as im curious, i looked at the service and found a litte easter egg: try to type HTB on the higher port :wink:

Haha I forgot about that. Glad someone found it

Have a few xml files and a b64 encoded file. where to from here?

@Wolfman000 said:

Have a few xml files and a b64 encoded file. where to from here?

Its not base64.

Got root! ■■■■ this was a tricky one for me. Learned to use some linux tools properly with this one. Without the hints in the forum I never would have found some things.
Fun box, so thanks @VbScrub !

I have some programming background, so the code things weren’t a big issue. But ■■■■ you for making me touch VB. I feel dirty now. There’s C# for a reason, you know :wink:

@Hansbla haha I knew people would not approve of the VB stuff. I can read and write C# but honestly prefer VB, and contrary to popular opinion it can do pretty much everything C# can do. It compiles to the exact same IL code, just a different syntax when you write it and I prefer that syntax :slight_smile:

@VbScrub I had never seen/coded VB before but had C# experience & had no issues understanding/modifying the code. Enjoyed both nest & cascade, thumbs-up

Hello everyone !

I just started this box, and sadly I already need a hint…
I discovered 2 open ports. One of them is running a service that could be vulnerable, but I can’t determine its version (I tried with the vuln script and with a scanner).
I tried a few “random” exploits to see if it would get me anywhere, but it doesn’t. I also can’t determine the OS, so there are a lot of unknowns… Should I try to exploit SM*, S***a, ms0…, … ?
I could keep going with random exploits until one works (at the risk of crashing the box) but I don’t think it’s the right thing to do… I would like to know how to determine precisely what exploit to use.

Thank you :slight_smile:

@VbScrub Thanks for the machine, learned a lot from it.

@netpal stop thinking about exploits and just explore :slight_smile: