Cascade

Very nice and straightforward box, was real fun. Thanks @VbScrub
Learned again something new about AD.
Initial foothold:
Pay close attention to what you get from one of the typical AD ports; I’ve overlooked it more than once as it’s “hidden in the crowd”
User:
Do some thorough enumeration with the access you got from above and you get another access
Root:
After user do again some more usual enumeration with what you can do now to get the 3rd user access. Use this wisely with something only this user is able to do. Do some googling and you get everything you need. Put this all together with some enumeration results you found on the way here and finally get root.txt.
As always: PM for hints

done!

Very good machine!

@VbScrub loves to put some code inside the challenge; the hint here is, you can stop and view the content.

Thanks for the challenge.

Spoiler Removed

Really fun box so far! I am rather stuck on RE part on Linux… a gentle nudge to something to get past this would be greatly appreciated!

Enumerating Windows machines is a definite weak spot of mine which is why I chose to do this machine. I’ve got a list of usernames and one password which has given me limited share access to various files, none of which appear to yield anything useful. Root seems a long way off from back here.

@sloth1985 said:

Enumerating Windows machines is a definite weak spot of mine which is why I chose to do this machine. I’ve got a list of usernames and one password which has given me limited share access to various files, none of which appear to yield anything useful. Root seems a long way off from back here.

That limited share access gives you more than you might think.

That was one very enjoyable and realistic box, Thanks VBscrub.

I’d be curious to know how much of the boxes you propose is directly inspired from your experience in the field ?

Thanks @VbScrub for the machine.
What a great box. I ‘99%’ love it!
(1% it’s for the foothold part. Uh, my eyes sore to look for it XD).

@lebutter said:
That was one very enjoyable and realistic box, Thanks VBscrub.

I’d be curious to know how much of the boxes you propose is directly inspired from your experience in the field ?

Depends what you mean by in the field I guess. I don’t have any experience in the field of pentesting. I’ve only ever been on the server admin side of things. But yeah in that capacity I’ve seen people do plenty of dumb things that I’m taking inspiration from for some of these machines I’ve made :slight_smile:

Great machine ! I loved the whole experience ! Amazing work, please keep on building more of those nice windows machines !

Rooted! Great machine. Learned heaps. Thanks @VbScrub for the great box and thanks for the nudges.

Nothing too much I can add to what has already been said, other than to echo the comments on enum!

If you find yourself stuck at RE maybe take a look through the Windows.

Rooted! Thanks @VbScrub for this great machine. Thanks to your boxes I’m starting to like two things I’ve always hated: Windows machines and enumeration heavy machines. You’re surely broadening my horizons :slight_smile:

I didn’t manage to complete the last step remotely and had to use local access. I’d be grateful for a PM on how it can be done.

Not gonna spoil anything more on the forum but feel free to PM for nuggets. But please show some effort before doing so.

Looking for advice on first user logon/pass. I have a user list. I used the ls***. Despite all the hints and nudges (usually these put me in the right direction) - I have no idea what I’m looking for in the dump. Would someone be kind enough to PM me please?

What a great box :mrgreen:

It took me an embarrassingly long time to find the initial cred. The path to root was a learning experience for a noob in that language.

The box had a nice priv esc to root as well!

Overall one of my favourite boxes to date.

Many thanks @VbScrub

Rooted. Thanks @VbScrub for this amazing box. Learnt new stuff abt AD.

Went through some of your YouTube to find inspiration for the foothold. Seems I was too sensitive to the ticket after Sauna then this box. XD

This box is realistic. Love it. I like the feeling of being a detective finding clues everywhere.

Rooted, was a good one :slight_smile:
PM if you need a nudge

Finally Rooted…
THANKS FOR CREATING IT.

@dextopsupport said:

Looking for advice on first user logon/pass. I have a user list. I used the ls***. Despite all the hints and nudges (usually these put me in the right direction) - I have no idea what I’m looking for in the dump. Would someone be kind enough to PM me please?

Try outputting to a text file then grepping through it for known usernames or references to legacy systems.

Thanks @TazWake and @paddanada. It was staring me in the face the whole time :blush:

Finally got this thing. Took me days and a nudge from Cedgar to figure the root thing out. Thanks again @VbScrub for this box. Nothing like puzzles like these to show your own incompetence can really trip you up :wink:

Important lessons learned:

  • Don’t use ./ when accessing shares. You’ll log in successfully, but get access denied on everything
  • Powershell can be a stingy ■■■■■■■ when querying some things. You have to really drag it out of it