Cascade

@VbScrub you love them dotnet apps dont you lol
i just wanna say thanks bro for this box i really enjoyed it …
love your youtube channel too…
keep on…
owned!

Thank @VbScrub , very pretty machine !

All nudge are in the forum, you read you find something !
I was blocked in one step because i have no idea which tool use but it was ok. Very smart the last step of root !

If you feel very stuck you can Pm :slight_smile:

@HolyShift said:
@VbScrub you love them dotnet apps dont you lol

Can you tell VB.NET is the only language I know :lol:

Literally still have no idea what to do, gotta #tryharder .

Very nice and straight forward box, was real fun. Thanks @VbScrub
Learned again something new about AD.
Initial foothold:
pay close attention for what you get from one of the typical AD ports, I’ve overseen it more than once as it’s “hidden in the crowd”
User:
Do some thorough enumeration with the access you got from above and you get another access
Root:
After user do again some more usual enumeration with what you can do now to get the 3rd user access. Use this wisely with something only this user is able to do. Do some googling and you get everything you need. Put this altogether with some enumeration results you found on the way here and finally get root.txt.
As always: PM for hints

done!

Very good machine!

@VbScrub loves put some code inside the challenge the hint here is, you can stop and view the content.

Thanks for the challenge.

Spoiler Removed

Really fun box so far! I am rather stuck on RE part on Linux… a gentle nudge to something to get past this would be greatly appreciated!

Enumerating Windows machines is a definite weak spot of mine which is why I chose to do this machine. I’ve got a list of usernames and one password which has given me limited share access to various files, none of which appear to yield anything useful. Root seems a long way off from back here.

@sloth1985 said:

Enumerating Windows machines is a definite weak spot of mine which is why I chose to do this machine. I’ve got a list of usernames and one password which has given me limited share access to various files, none of which appear to yield anything useful. Root seems a long way off from back here.

That limited share access gives you more than you might think.

That was was one very enjoyable and realistic box, Thanks VBscrub.

I’d be curious to know how much of the boxes you propose is directly inspired from your experience in the field ?

Thanks @VbScrub for the machine.
What a great box. I ‘99%’ love it!
(1% it’s for the foothold part. Uh, my eyes sore to look for it XD).

@lebutter said:
That was was one very enjoyable and realistic box, Thanks VBscrub.

I’d be curious to know how much of the boxes you propose is directly inspired from your experience in the field ?

Depends what you mean by in the field I guess. I don’t have any experience in the field of pentesting. I’ve only ever been on the server admin side of things. But yeah in that capacity I’ve seen people do plenty of dumb things that I’m taking inspiration from for some of these machines I’ve made :slight_smile:

Great machine ! I loved the whole experience ! Amazing work, please keep on building more of those nice windows machines !

Rooted! Great machine. Learned heaps. Thanks @VbScrub for the great box and thanks for the nudges.

Nothing too much I can add to what has already been said, other than to echo the comments on enum!

If you find yourself stuck at RE maybe take a look through the Windows.

Rooted! Thanks @VbScrub for this great machine. Thanks to your boxes I’m starting to like two things I’ve always hated: Windows machines and enumeration heavy machines. You’re surely broadening my horizons :slight_smile:

I didn’t manage to complete last step remotely and had to use local access. I’d be greateful for a PM how it can be done.

Not gonna spoil anything more on the forum but feel free to PM for nuggets. But please show some effort before doing so.

Looking for advice on first user logon/pass. I have a user list. I used the ls***. Despite all the hints and nudges (usually these put me in the right direction) - I have no idea what I’m looking for in the dump. Would someone be kind enough to PM me please?

What a great box :mrgreen:

It took me an embarrassingly long time to find the initial cred. The path to root was a learning experience for a noob in that language.

The box had a nice priv esc to root as well!

Overall one of my favourite boxes to date.

Many thanks @VbScrub

Rooted. Thanks @VbScrub for this amazing box. Learnt new stuff abt AD.

Went through some your youtube to find inspiration for the foothold. Seems I was too sensitive to the ticket after Sauna then this box. XD

This box is realistic. Love it. I like the feeling of being a detective finding clues everywhere.

Rooted, was a good one :slight_smile:
PM if you need a nudge