Cascade


Comments

  • Rooted. Was fun!

    Wasted so much time on the foothold by querying a higher port because a lower port initially timed out. The information you need is not present in that higher one. Don't make my mistake.

    Secondly, a certain cook gave me a meal that wasn't 100% what I ordered. Don't know why but if you notice the dot, just guess what they missed. Props to @TazWake for helping clarify that.

    Thanks @VbScrub!

  • Ahahaha. Got root. I am so stupid with Windows boxes :relaxed:
    User is easy, but u need to keep the chain in mind
    ROOT!:
    So, when u got all info, users and know all about this box, check who u are, what u can and use one powershell command which has a special argument for the parameter.
    Good luck and thanks to @VbScrub !

  • is there something to read on that reg or I'm messing something

  • And that is Root!

    Wow @VbScrub , again you have created a brilliant box that teaches you so much and takes you on a real journey; I really appreciate the effort you put in to these!

    I'm still not sure though, did I enjoy Nest more than Cascade??? :)

    Absolutely brilliant, keep going mate, looking forward to the next one.

    Thanks go to @gluonsrgreat and @metuldann for keeping me sane!


  • Rooted.
    Thanks @VbScrub, good box, hope you will release other medium boxes.

  • @phycomp & @Gand3lf

    Thanks for the kind words :) and yeah more boxes coming soon

  • @VbScrub Thanks for this box, I've learned a tonne of stuff.
    I did find your previous AD box tougher, but that was my first introduction to both pentesting and AD and I had chosen an 'easy' box for my first box. Looking forward to your next boxes!

  • Got User.txt, quite a journey :D Only seeing black and white after that.
    Root will be quite difficult to me if there is only the RE way...

  • @MrZulu said:

    @VbScrub Thanks for this box, I've learned a tonne of stuff.
    I did find your previous AD box tougher, but that was my first introduction to both pentesting and AD and I had chosen an 'easy' box for my first box. Looking forward to your next boxes!

    My previous box (Nest) wasn't anything to do with AD and didn't have it installed, maybe you got it confused with another one? I know some people thought I made the Sauna box just cos I started the thread on it, but that wasn't mine :)

  • Nice box! Great work, love your AD stuff.

    Happy to assist PM's

  • edited April 15

    @VbScrub said:

    @MrZulu said:

    @VbScrub Thanks for this box, I've learned a tonne of stuff.
    I did find your previous AD box tougher, but that was my first introduction to both pentesting and AD and I had chosen an 'easy' box for my first box. Looking forward to your next boxes!

    My previous box (Nest) wasn't anything to do with AD and didn't have it installed, maybe you got it confused with another one? I know some people thought I made the Sauna box just cos I started the thread on it, but that wasn't mine :)

    Oh, yes I did nest too. Apologies, I was thinking about forest. Either way, keep up the good work. I look forward to the next challenge!

    Just read my notes on Nest. What a wild ride that box was!

  • I did it. I have to say that your @VbScrub machines are the most complex for me but they are quite satisfactory.

  • @VbScrub you love them dotnet apps don't you lol
    I just wanna say thanks bro for this box, I really enjoyed it ...
    love your youtube channel too....
    keep on.....
    owned!

  • Thank @VbScrub , very pretty machine !

    All nudges are in the forum, you read, you find something!
    I was blocked at one step because I had no idea which tool to use but it was OK. Very smart, the last step of root!

    If you feel very stuck you can Pm :)

  • @HolyShift said:
    @VbScrub you love them dotnet apps don't you lol

    Can you tell VB.NET is the only language I know :lol:

  • Literally still have no idea what to do, gotta #tryharder .

    PM for nudges, I'm almost available 24/7.

  • Very nice and straight forward box, was real fun. Thanks @VbScrub
    Learned again something new about AD.
    Initial foothold:
    pay close attention for what you get from one of the typical AD ports, I've overseen it more than once as it's "hidden in the crowd"
    User:
    Do some thorough enumeration with the access you got from above and you get another access
    Root:
    After user do again some more usual enumeration with what you can do now to get the 3rd user access. Use this wisely with something only this user is able to do. Do some googling and you get everything you need. Put this altogether with some enumeration results you found on the way here and finally get root.txt.
    As always: PM for hints

  • done!

    Very good machine!

    @VbScrub loves to put some code inside the challenge. The hint here is: you can stop and view the content.

    Thanks for the challenge.

    ++++++++++++++++++++++++++++++++++++++++++++++++++

    Str0ng3erG3ek

    +respect me if I helped you :}

  • Spoiler Removed

  • Really fun box so far! I am rather stuck on RE part on Linux.. a gentle nudge to something to get past this would be greatly appreciated!

  • Enumerating Windows machines is a definite weak spot of mine which is why I chose to do this machine. I've got a list of usernames and one password which has given me limited share access to various files, none of which appear to yield anything useful. Root seems a long way off from back here.

  • @sloth1985 said:

    Enumerating Windows machines is a definite weak spot of mine which is why I chose to do this machine. I've got a list of usernames and one password which has given me limited share access to various files, none of which appear to yield anything useful. Root seems a long way off from back here.

    That limited share access gives you more than you might think.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • That was one very enjoyable and realistic box, Thanks VBscrub.

    I'd be curious to know how much of the boxes you propose is directly inspired from your experience in the field ?

    lebutter
    eCPPT | OSCP

  • Thanks @VbScrub for the machine.
    What a great box. I '99%' love it!
    (1% it's for the foothold part. Uh, my eyes sore to look for it XD).

  • @lebutter said:
    That was one very enjoyable and realistic box, Thanks VBscrub.

    I'd be curious to know how much of the boxes you propose is directly inspired from your experience in the field ?

    Depends what you mean by in the field I guess. I don't have any experience in the field of pentesting. I've only ever been on the server admin side of things. But yeah in that capacity I've seen people do plenty of dumb things that I'm taking inspiration from for some of these machines I've made :)

  • Great machine ! I loved the whole experience ! Amazing work, please keep on building more of those nice windows machines !


  • Rooted! Great machine. Learned heaps. Thanks @VbScrub for the great box and thanks for the nudges.

    Nothing too much I can add to what has already been said, other than to echo the comments on enum!

    If you find yourself stuck at RE maybe take a look through the Windows.

  • Rooted! Thanks @VbScrub for this great machine. Thanks to your boxes I'm starting to like two things I've always hated: Windows machines and enumeration heavy machines. You're surely broadening my horizons :)

    I didn't manage to complete the last step remotely and had to use local access. I'd be grateful for a PM on how it can be done.

    Not gonna spoil anything more on the forum but feel free to PM for nuggets. But please show some effort before doing so.

  • Looking for advice on first user logon/pass. I have a user list. I used the l***s******. Despite all the hints and nudges (usually these put me in the right direction) - I have no idea what I'm looking for in the dump. Would someone be kind enough to PM me please?

    dextopsupport

  • What a great box :mrgreen:

    It took me an embarrassingly long time to find the initial cred. The path to root was a learning experience for a noob in that language.

    The box had a nice priv esc to root as well!

    Overall one of my favourite boxes to date.

    Many thanks @VbScrub