Cascade

Comments

  • I can offer assistance on this one for those who are stuck, reach out. Redoing my walkthrough that I lost. Take advantage while you can hahah

  • edited April 2020

    Rooted! Very nice box. I can't give any other hints different from what I read here (and only read two). For both user and root, look carefully and pay attention, gather as much as you can, and think through it. A little bit of research won't hurt.

    PS C:\Users\Administrator\Documents> whoami
    cascade\administrator
    

    Hack The Box
    CISSP | eJPT

  • Done! PM if help needed

  • Nice Box @VbScrub
    If anyone needs help, PM me.

    My YouTube Channel => https://www.youtube.com/c/NatzSec
    You can subscribe if you want :P

  • got user! \o/

    Really different foothold and enum for me, I learned really new things, time to root!
    PM me for any nudge on the user part :)


    Hack The Box

    You can pm me on discord sh4d0wless#6154

  • I used Windows twice to get past a step on the path to root, and I am glad I did. No way would I limit myself to Kali to get a job done. @VbScrub I hope you are not getting tired of compliments, you are about to get another. Cascade is one of the best boxes I have done. It is realistic, well planned, and the enumeration chain is brilliant. You are a true credit to this community.

  • @HomeSen said:

    @VbScrub said:

    @sazouki said:
    got user.txt but HTB keeps saying it's invalid lol ?

    https://www.hackthebox.eu/press/integrity-of-hack-the-box

    This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
    Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn't see anything related in the shoutbox).
    Now, even after resetting the machine, the hash is the same and invalid :/

    If you got it once, just get it again. It's actually good that they are doing this so people aren't passing out hashes.

  • @NoName21 said:

    @HomeSen said:

    @VbScrub said:

    @sazouki said:
    got user.txt but HTB keeps saying it's invalid lol ?

    https://www.hackthebox.eu/press/integrity-of-hack-the-box

    This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
    Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn't see anything related in the shoutbox).
    Now, even after resetting the machine, the hash is the same and invalid :/

    If you got it once, just get it again. It's actually good that they are doing this so people aren't passing out hashes.

    I was basically just ranting/venting, since it's pretty annoying that one has to sometimes issue several resets before the hash gets renewed and accepted :/


    Hack The Box
    GREM | OSCE | GASF | eJPT

    Feel free to PM me your questions, but please explain what you tried, so far.

    Currently busy with AWAE

  • Hopefully, people will raise this with HTB so they can become aware of any problems.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • edited April 2020

    finally rooted \o/

    this machine is really enum chain, enum enum enum...
    best windows machine thanks @VbScrub

    thanks a lot @PettaByte and @Onurhan for all helps
    feel free to pm me for nudges :)


    Hack The Box

    You can pm me on discord sh4d0wless#6154

  • @dakkmaddy said:
    @VbScrub I hope you are not getting tired of compliments, you are about to get another. Cascade is one of the best boxes I have done. It is realistic, well planned, and the enumeration chain is brilliant. You are a true credit to this community.

    haha thanks, and don't worry I'm not tired of compliments yet :lol:

  • edited April 2020

    C:\Users\Administrator> whoami
    cascade\administrator

    Thanks for the box @VbScrub, I loved it :wink:.
    A bit familiar with the RE part from the Nest box that you made, but really enjoyable.

    I was stuck on the foothold at the beginning, but then, reading line by line, I found the juicy password...
    After that, the path to root was straight.

    If anyone needs help, feel free to pm me :smile:

    'These violent delights have violent ends'

  • edited April 2020

    Firstly thanks to @VbScrub for this beautiful machine. Secondly thanks to @TazWake for that initial nudge for user3.

    Rooted.

    I will give two important points which will help to root the box.

    1. Use breakpoints for exe and dlls.
    2. Sometimes you don't need to recover, just get the information from AD.

    HTB is complaining that the root flag is incorrect. @VbScrub, will a reset set a new flag for root?

    Finally reset worked to get the new flag.

    PM for any help !!

  • Akl
    edited April 2020
    Is c*****L*****P** a rabbit hole? It is not working for me.

    Edit: Got USER, thanks @VbScrub for the hint. On to ROOT
  • @Akl said:
    Is c*****L*****P** a rabbit hole? It is not working for me.

    Not a rabbit hole. Sounds like maybe you're just treating it as if it's a plain text password?

  • Got user, but can't get a way to root!! No idea!

  • Rooted. Great box. You learn the essentials of manual enumeration, note-taking and chaining exploits together while doing this box. Thanks to @VbScrub for the experience and nudges. Looking forward to the next one.

  • @febinrev said:

    Got user, but can't get a way to root!! No idea!

    You need to enumerate the user itself to get a way forward; poke into every item that you see.

    My YouTube Channel => https://www.youtube.com/c/NatzSec
    You can subscribe if you want :P

  • Rooted! Probably one of the most enjoyable machines I've done so far.

    User: there are plenty of good hints here, however one extra hint: RE is very simple using dotPeek and an online tool

    Root: Follow the same enum methodology as for the users

    PM if you need any hints.

  • Rooted! Thank you @VbScrub, this box has an extreme AD learning curve. I was lost a bit in root but it was an awesome experience!

  • Rooted! Very cool box with a lot of manual enum at the beginning that is easy to miss without patience. Thank you @VbScrub

    I will say between this box and the last one from this author, you really need to have a Windows VM running with a special spy tool installed in order to get through the homegrown RE steps. If anyone knows how to do the 2nd to last step on this box a different way, I would like to know!

    PS C:\Users\Administrator\Documents> whoami;hostname
    cascade\administrator
    CASC-DC1

    limelight

  • I found an interesting v** *******er.r* file and I believe I cracked what I needed from it, the only issue I am having is utilizing it... Can someone help give me a push over the cliff?

  • edited April 2020

    @RomanRII said:

    I found an interesting v** *******er.r* file and I believe I cracked what I needed from it, the only issue I am having is utilizing it... Can someone help give me a push over the cliff?

    There is a tool on GitHub for cracking the hex; do remove the commas and use the tool to decode the password... and use that password to log in as user s.****h with evil

  • Anybody have any recs on which disassembler to use? dnSpy? Ollydbg?

  • @ori0nx3 said:

    For reverse engineering DotNet, my favorite tool is dnSpy. ;)

    OMG: Never heard of dnSpy before. Holy crap, for .net RE it is awesome. Thanks @ori0nx3

  • edited April 2020

    Rooted. Awesome box. Manual enumeration, must take notes, and significant lateral movement. The RE part is a little confusing for me because of my lack of RE. Thanks to @VbScrub for the experience and nudges. :blush:

  • edited April 2020

    Hmm.. I got the root.txt.. but when I copy the hash and submit, HTB says it is incorrect, anyone got this problem?

    EDITED: OK, I disconnected the VPN and reconnected.. the root.txt was refreshed. :D

  • Finally rooted Cascade. Now I know why it is known as Cascade, it is like a Matryoshka, one after another....
    Thank you for the nudges by @idevilkz for the user nudge, @grumpychris and @tuzz for the dnspy nudge.

  • edited April 2020

    Ahhhh, I'm going to root, I have the user "a .... c" but I'm stuck. Any hint please

    PD: ROOTED!!! :) I always had it in front of me

  • @bato said:
    > Ahhhh, I'm going to root, I have the user "a .... c" but I'm stuck. Any hint please

    If you are user a****c then you have done the hard part. Look back to a file you found earlier in enumeration. It says something about someone that may no longer exist but has what you are looking for.

    If you are still before this step, then see previous comments about what it takes to do the RE.

    limelight
