Official Blackfield Discussion

17891012

Comments

  • To whoever is trying to view the content of root.txt at the final step and getting an access denied error, if you are using impaket tool then try another one.
    I did and it worked!

  • edited August 2020

    I am enjoying this box. It feels real.

    Got usernames, working on getting some hashes.

    Edit:

    Just got user. AD boxes are always very interesting.

    Based on the name of the account I'm in, I have an idea of what my next move is.

    discord = heuvosenfuego#1515 - happy to talk about your attack, discord is always open

  • I have 2 users accounts. I am working on my third account. I have a hash but I can't crack it. Can some send me PM to discuss?

  • @marvin7408 said:
    I have 2 users accounts. I am working on my third account. I have a hash but I can't crack it. Can some send me PM to discuss?

    There's more to be done with hashes than just cracking them.

    discord = heuvosenfuego#1515 - happy to talk about your attack, discord is always open

  • edited August 2020

    Type your comment> @returnz said:

    To you and other peeps who face the same issue try this:

    smbclient \\your ip\share -U 'foo' --socket-options='TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=131072 SO_SNDBUF=131072' -t 40000

    worked for me!

    Many thanks! I spent hours trying to get some of those files. Thanks to you hint I got the user flag in a minute. Let's go for root.

    Update: after an almost sleepless night struggling with the root flag, I get the infamous incorrect flag message.

    Grrrrrr :rage:

    new update: a reset did "fix" it.

  • Type your comment> @heuvosenfuego said:

    @marvin7408 said:
    I have 2 users accounts. I am working on my third account. I have a hash but I can't crack it. Can some send me PM to discuss?

    There's more to be done with hashes than just cracking them.

    Yes I noticed. I have the user flag :)

  • I'm stuck after USER1 (at least I think it is user1 ;). Could someone give me a nudge to help me get USER2?

  • @Qtang said:

    I'm stuck after USER1 (at least I think it is user1 ;). Could someone give me a nudge to help me get USER2?

    It really depends on who you mean by user1.

    If it is the same as my user1 then it might need some obscure research into things that account can do to other accounts.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I finally got the root.txt flag only to have it rejected by the system! I don't have time to do this again! Has anybody reported this problem?

  • @tejon said:

    I finally got the root.txt flag only to have it rejected by the system! I don't have time to do this again! Has anybody reported this problem?

    https://hackthebox.atlassian.net/servicedesk/customer/portal/1/user/login?destination=portal/1

    It happens reasonably often and most of the threads have a discussion about this and popular solutions, but if you don't report it, HTB won't know about the problem.

    The driving force is trying to prevent flag sharing so it's unlikely that HTB will go back to static flags.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Rooted finally
    PM me if need help!

  • Rooted. I'm interested to know if anyone did it a different way. I was able to use S*B************** in interesting ways but ultimately could only get what I needed with w******n. I'm interested to know if anyone didn't use this.

  • I have rooted the machine but for some reason the root flag isn't being accepted? Anyone else having similar troubles?

    C:\Users\Administrator\desktop> whoami ; ipconfig
    blackfield\administrator
    
    Windows IP Configuration
    
    
    Ethernet adapter Ethernet0 2:
    
       Connection-specific DNS Suffix  . :
       IPv6 Address. . . . . . . . . . . : dead:beef::fc37:9898:f577:d917
       Link-local IPv6 Address . . . . . : fe80::fc37:9898:f577:d917%17
       IPv4 Address. . . . . . . . . . . : 10.10.10.192
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.10.10.2
    

    N3ph0s

    Discord n3ph0s#7012

  • @n3ph0s said:

    I have rooted the machine but for some reason the root flag isn't being accepted? Anyone else having similar troubles?

    Two posts above yours: https://forum.hackthebox.eu/discussion/comment/81497/#Comment_81497

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • rooted. Root part wasn't that difficult but the process to get user was. If you don't understand standard windows services, ur gonna have a hard time (like i did). But getting root feels good at the end.

    s3nt1nel

  • Evil-WinRM PS C:\Users\Administrator\Desktop> whoami
    blackfield\administrator

    Finally got it!! really enjoyed it tnx for this box

    ThinkOutsideTheBox

    Blacksnufkin

  • ERROR: Incorrect hash for Backfield
    ---> i got root.txt
    Evil-WinRM PS C:\Users\Administrator\desktop> whoami
    blackfield\administrator

    Scorpion4347

  • i'm unable to submit root flag ....i got root.txt!! but showing incorrect hash for blackfield!!

    Scorpion4347

  • @scorpion4347 said:

    ERROR: Incorrect hash for Backfield
    ---> i got root.txt
    Evil-WinRM PS C:\Users\Administrator\desktop> whoami
    blackfield\administrator

    Did you read the post that was three places before yours?

    https://forum.hackthebox.eu/discussion/comment/82097/#Comment_82097

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • rooted!!
    ping me for any hints and tips

    Scorpion4347

  • edited September 2020
    @scorpion4347 said:
    > rooted!!
    > ping me for any hints and tips

    Congrats on rooting continuously. Probably he might be in lockdown with Laptop & Internet alone. :smiley:

    Just 4 fun.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • @gunroot said:

    Congrats on rooting continuously. Probably he might be in lockdown with Laptop & Internet alone. :smiley:

    Just 4 fun.

    it's not actually that continuous. I thought it was a bit strange but it turns out they rooted this box a few hours before posting it, and some of the other boxes were a week ago.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • @TazWake said:

    it's not actually that continuous. I thought it was a bit strange but it turns out they rooted this box a few hours before posting it, and some of the other boxes were a week ago.

    Lol! I didn't see his HTB profile. :)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • @gunroot said:

    Lol! I didn't see his HTB profile. :)

    :+1:

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Wow!! This box was intense!! I struggled a lot with the root part but with all of your's hints and some very useful articles, I was able to make it! Thanks all!
    I can try and help if anyone wants any small hints - though I doubt that everything you need is all given in here!

  • And...rooted! Really had fun with this one! Banged my head against the wall on Compromised for a day or two, so I decided to try blackfield. For foothold and user I think I used exactly the same route/path as everyone else. However for root/system...I really don't think so: there is a much faster way than those horrible, clunky b****up commands/scripts, that for me at least, just did NOT want to work, no matter how I formatted everything and what prayers I chanted to the HTB Gods --- but then I started thinking...wait, with those privs come other, mm...possibilities -- so, with a certain PS mo**le one becomes quite powerful...this certain PS script can be found in the wild and lets you do interesting things...modules to make an exact copy of your system...on your system - could that be used for more???
    :-)

  • Whew... getting root was tough not gonna lie, really excellent box though :)

    m3ll0

    OSCP

  • HTB is not accepting the root flag btw lol, big oof

    m3ll0

    OSCP

  • Type your comment> @m3ll0 said:

    HTB is not accepting the root flag btw lol, big oof

    Noticed the same.

  • TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

Sign In to comment.