Cascade

Type your comment> @HomeSen said:

@VbScrub said:

@sazouki said:
got user.txt but HTB keep saying it’s invalid lol ?

HTB News | Integrity of Hack The Box

This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn’t see anything related in the shoutbox).
Now, even after resetting the machine, the hash is the same and invalid :confused:

If you got it once, just get it again. It’s actually good that they are doing this so people aren’t passing out hashes.

@NoName21 said:

@HomeSen said:

@VbScrub said:

@sazouki said:
got user.txt but HTB keep saying it’s invalid lol ?

HTB News | Integrity of Hack The Box

This is getting ludicrous. Are we expected to reset a box, once we got user, just to get a fresh hash? :rage:
Got user, submitted the hash within 5-10s and got invalid. The Machine was NOT reset during those few seconds, since my session is still valid (and I didn’t see anything related in the shoutbox).
Now, even after resetting the machine, the hash is the same and invalid :confused:

If you got it once, just get it again. It’s actually good that they are doing this so people aren’t passing out hashes.

I was basically just ranting/venting, since it’s pretty annoying that one has to sometimes issue several resets before the hash gets renewed and accepted :confused:

Hopefully, people will raise this with HTB so they can become aware of any problems.

finally rooted \o/

this machine is really enum chain, enum enum enum…
best windows machine thanks @VbScrub

thanks a lot @PettaByte and @Onurhan for all helps
feel free to pm me for nudges :slight_smile:

@dakkmaddy said:
@VbScrub I hope you are not getting tired of complements, you are about to get another. Cascade is one of the best boxes I have done. It is realistic, well planned, and the enumeration chain is brilliant. You are a true credit to this community.

haha thanks, and don’t worry I’m not tired of compliments yet :lol:

C:\Users\Administrator> whoami
cascade\administrator

Thanks for the box @VbScrub, i loved it :wink:.
Bit familiar with the RE part from the Nest box that u made, but really enjoyable.

I was stuck with foothold at the beginning, but then reading line by line and i found the juicy password…
After, the path to root was straight.

If anyone needs help, feel free to pm me :smile:

Firstly thanks to @VbScrub for this beautiful machine. Secondly thanks to @TazWake for that initial nudge for user3.

Rooted.

I will give two important points which will help to root the box.

  1. use breakpoints for exe and dlls.
  2. Sometimes you don’t need to recover just get the information from AD.

HTB complaining root flag to be incorrect. @VbScrub will reset set a new flag for root?

Finally reset worked to get the new flag.

PM for any help !!

Is cLP** a rabbit hole?, it is not working with me.

Edit: Got USER, thanks @VbScrub for the hint. On to ROOT

@Akl said:
Is cLP** a rabbit hole?, it is not working with me.

Not a rabbit hole. Sounds like maybe you’re just treating it as if its a plain text password?

Got user , but cant get a way to root. !! no idea!

Rooted. Great box. You learn the essentials of manual enumeration, note-taking and chaining exploits together while doing this box. Thanks to @VbScrub for the experience and nudges. Looking forward to the next one.

Type your comment> @febinrev said:

Got user , but cant get a way to root. !! no idea!

You need to enumerate the user itself to get a way forward poke into every item that you see.

Rooted! Probably one of the most enjoyable machines I’ve done so far.

User: there are plenty of good hints here, however one extra hint RE is very simple using dot peek and an online tool

Root: Follow the same enum methodology as the users

PM if you need any hints.

rooted! Thank you @VbScrub for this box has an extreme AD learning curve. i was lost a bit in root but was an awesome experience.!

rooted! very cool box with a lot of manual enum at the beginning that is easy to miss without patience. Thank you @VbScrub

I will say between this box and the last one from this author, you really need to have a Windows VM running with a special spy tool installed in order to get through the homegrown RE steps. If anyone knows how to do the 2nd to last step on this box a different way, I would like to know!

PS C:\Users\Administrator\Documents> whoami;hostname
cascade\administrator
CASC-DC1

I found an interesting v** ******er.r file and I believe I cracked what I needed from it, the only issue I am having is utilizing it… Can someone help give me a push over the cliff?

Type your comment> @RomanRII said:

I found an interesting v** ******er.r file and I believe I cracked what I needed from it, the only issue I am having is utilizing it… Can someone help give me a push over the cliff?

There is a tool in github for cracking the hex, do remove the commas and use the tool to decode the password… And Use that password to log in as user s.****h with evil

Anybody have any recs on which disassembler to use? dnSpy? Ollydbg?

Type your comment> @ori0nx3 said:

For reverse engineering DotNet, my favorite tool is dnSpy. :wink:

■■■: Never heard of dnSpy before. Holy ■■■■, for .net RE it is awesome. Thanks @ori0nx3

Rooted. Awesome box. manual enumeration, must take notes and significant lateral movements. RE part is little confusing for me because lack of RE. Thanks to @VbScrub for the experience and nudges. :blush: