Cascade

@Supremacy said:

I feel sooooo close to root but am stuck. I have the A**S*C account but logged on with it I can’t see how to do a PrivEsc. Please PM me if you can help!

Enumerate what the account can do. Something unusual will stand out.

This box was just insane, thanks @VbScrub I learned so much.

Some hints:

User:
user 1 → Enum and you will find some creds
user 2 → Enum again and google is your friend when you don’t understand something

Root:
user 3 → Enum again and again and you’re going to find something that you’re going to have to look at from a different angle, or even the other way around.

The last step is easier than you think, there’s no need to complicate it when you can simply ENUM :wink:

So if anyone needs a nudge text me :smile:

+respect me if I helped you :wink:

FINALLY got root.

I think I’m going to enter the Olympic hurdling team after doing this box. Definitely learnt a lot about windows enumeration doing this box which is what I needed. Many thanks for all the nudges and breadcrumbs that people provided.

I can offer assistance on this one for those who are stuck, reach out. Redoing my walk through that i lost. take advantage while you can hahah

Rooted! Very nice box. I can’t give any other hints different from what I read here (and only read two). For both user and root, look carefully and pay attention, gather as much as you can, and think through it. A little bit of research won’t hurt.

PS C:\Users\Administrator\Documents> whoami
cascade\administrator

Done! PM if help needed

Nice Box @VbScrub
If anyone need help PM me.

got user! \o/

really different foothold and enum for me, i learn really new things, time to root !
pm me for any nudge on user part :slight_smile:

I used Windows twice to get past a step on the path to root, and I am glad I did. No way would I limit myself to Kali to get a job done. @VbScrub I hope you are not getting tired of complements, you are about to get another. Cascade is one of the best boxes I have done. It is realistic, well planned, and the enumeration chain is brilliant. You are a true credit to this community.

Type your comment> @HomeSen said:

@VbScrub said:

@sazouki said:
got user.txt but HTB keep saying it’s invalid lol ?

HTB News | Integrity of Hack The Box

This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn’t see anything related in the shoutbox).
Now, even after resetting the machine, the hash is the same and invalid :confused:

If you got it once, just get it again. It’s actually good that they are doing this so people aren’t passing out hashes.

@NoName21 said:

@HomeSen said:

@VbScrub said:

@sazouki said:
got user.txt but HTB keep saying it’s invalid lol ?

HTB News | Integrity of Hack The Box

This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn’t see anything related in the shoutbox).
Now, even after resetting the machine, the hash is the same and invalid :confused:

If you got it once, just get it again. It’s actually good that they are doing this so people aren’t passing out hashes.

I was basically just ranting/venting, since it’s pretty annoying that one has to sometimes issue several resets before the hash gets renewed and accepted :confused:

Hopefully, people will raise this with HTB so they can become aware of any problems.

finally rooted \o/

this machine is really enum chain, enum enum enum…
best windows machine thanks @VbScrub

thanks a lot @PettaByte and @Onurhan for all helps
feel free to pm me for nudges :slight_smile:

@dakkmaddy said:
@VbScrub I hope you are not getting tired of complements, you are about to get another. Cascade is one of the best boxes I have done. It is realistic, well planned, and the enumeration chain is brilliant. You are a true credit to this community.

haha thanks, and don’t worry I’m not tired of compliments yet :lol:

C:\Users\Administrator> whoami
cascade\administrator

Thanks for the box @VbScrub, i loved it :wink:.
Bit familiar with the RE part from the Nest box that u made, but really enjoyable.

I was stuck with foothold at the beginning, but then reading line by line and i found the juicy password…
After, the path to root was straight.

If anyone needs help, feel free to pm me :smile:

Firstly thanks to @VbScrub for this beautiful machine. Secondly thanks to @TazWake for that initial nudge for user3.

Rooted.

I will give two important points which will help to root the box.

  1. use breakpoints for exe and dlls.
  2. Sometimes you don’t need to recover just get the information from AD.

HTB complaining root flag to be incorrect. @VbScrub will reset set a new flag for root?

Finally reset worked to get the new flag.

PM for any help !!

Is cLP** a rabbit hole?, it is not working with me.

Edit: Got USER, thanks @VbScrub for the hint. On to ROOT

@Akl said:
Is cLP** a rabbit hole?, it is not working with me.

Not a rabbit hole. Sounds like maybe you’re just treating it as if its a plain text password?

Got user , but cant get a way to root. !! no idea!

Rooted. Great box. You learn the essentials of manual enumeration, note-taking and chaining exploits together while doing this box. Thanks to @VbScrub for the experience and nudges. Looking forward to the next one.