@lebutter said:
That was one very enjoyable and realistic box, Thanks VBscrub.
I’d be curious to know how much of the boxes you propose is directly inspired from your experience in the field?
Depends what you mean by in the field I guess. I don’t have any experience in the field of pentesting. I’ve only ever been on the server admin side of things. But yeah in that capacity I’ve seen people do plenty of dumb things that I’m taking inspiration from for some of these machines I’ve made
Rooted! Thanks @VbScrub for this great machine. Thanks to your boxes I’m starting to like two things I’ve always hated: Windows machines and enumeration heavy machines. You’re surely broadening my horizons
I didn’t manage to complete last step remotely and had to use local access. I’d be grateful for a PM on how it can be done.
Not gonna spoil anything more on the forum but feel free to PM for nuggets. But please show some effort before doing so.
Looking for advice on first user logon/pass. I have a user list. I used the ls***. Despite all the hints and nudges (usually these put me in the right direction) - I have no idea what I’m looking for in the dump. Would someone be kind enough to PM me please?
Try outputting to a text file then grepping through it for known usernames or references to legacy systems.
Finally got this thing. Took me days and a nudge from Cedgar to figure the root thing out. Thanks again @VbScrub for this box. Nothing like puzzles like these to show your own incompetence can really trip you up
Important lessons learned:
Don’t use ./ when accessing shares. You’ll log in successfully, but get access denied on everything.
Powershell can be a stingy ■■■■■■■ when querying some things. You have to really drag it out of it
I think I’m at the RE stage of this box now (another weak point) and have tried to use IDA (the free one) to examine the source code but I get an error (The processor type ‘cli’ is not included in the installed version of IDA). Can anyone educate me on what I’m doing wrong or possibly recommend an alternative to IDA that can disassemble the EXE I’ve found.
Finally got this one, had 3 sets of creds before I even looked for any flags.
I used Kali only but used a form of GUI to search for all the data, took a while to find what was needed for the initial user but after that, plain sailing.
DM if help is needed, I’ll not reveal too much though!
@sloth1985 said:
I think I’m at the RE stage of this box now (another weak point) and have tried to use IDA (the free one) to examine the source code but I get an error (The processor type ‘cli’ is not included in the installed version of IDA). Can anyone educate me on what I’m doing wrong or possibly recommend an alternative to IDA that can disassemble the EXE I’ve found.
Look at .NET decompilers rather than regular assembly decompilers
I know very little about C# but it looks like executables produced with Visual Studio can be decompiled and return something very readable and close to original code. Is that just with your boxes (@VbScrub) on purpose to make it easier or is it how most C# exes are?
No, any .NET code (C#.NET or VB.NET) can be decompiled back to pretty much original source code. The only exception being if the author has intentionally run it through an obfuscator, which some companies will do to try to protect their source code.
Thank you @VbScrub This was an awesome box. Great Job!
This was no easy run for me but I enjoyed every step. I learnt a lot about AD and several layers of exploitation … not to forget enum and enum and enum.