Forest was retired on HackTheBox.eu so let's sum up what I learned while solving this Windows box.
The Forest Windows box retired this weekend on HackTheBox. Getting user was quite straightforward but escalating privileges was a little more complicated. We’ll have a look at BloodHound for that last step; it’s an open-source tool that I use a lot for work now and that I can’t recommend enough.
1: Recon
First, I do the usual nmap scan I start with on all boxes: nmap -A -T5 10.
Bastion just retired this weekend on HackTheBox.eu so I thought I would do a short write-up of what I learned during this Windows box.
The Bastion Windows box retired this weekend on HackTheBox. It was a Windows box, quite easy to solve, but I learned a lot along the way. It’s my first write-up of a HTB box so it might not be the best but hopefully it will be a nice summary! We learn about SMB, mounting VHD in Linux, stealing Windows hashes, cracking them with John, and exploiting a program for privesc.
1: Recon
First, I do the usual nmap scan I start with on all boxes: nmap -A -oN nmap-bastion.
One of the first things I was asking myself when finally getting access to a Linux server at my very beginning was 'How do I even upload the enumeration tools to do the privilege escalation?'. I got the question from someone who was beginning on HTB recently so this short article might help.
Privilege Escalation (privesc)
When getting access to a server, either during a CTF or a pentesting assignment, you will probably have limited access to the server itself, probably because you accessed it through a compromised user. Your goal is to find a way to become root, which would give you unlimited access to the server and the running programs. See, developers and sysadmins can make mistakes and have the programs running with the wrong settings.
Here is the second part of the i18 CTF with 4 more challenges. This time I learned about Reverse Engineering, DNS lookup, more RE, and finally some steganography that ended up not working.
5: Lett fluidmekanikk An executable file.
Clue one: The program also accepts the password as an argument.
Clue two: The password exists (perhaps) in a dictionary.
We get an executable file asking for a password. Enter the wrong one and it quits. I’m a complete beginner in Reverse Engineering but I have enjoyed a few tutorial videos so let’s jump right in with Immunity.
When you open the file, right click View module ‘crackme’.
I was given the link to this CTF that ran back in 2015, and I thought I would take the opportunity to start writing about my thought process using these challenges. If you want to try for yourself, the link is at the beginning of the post.
The i18 has 13 challenges that you can find at this address. This CTF is in Norwegian, but has a very small amount of text so Google Translate is more than enough, but I will translate the text and clues to English here. This is the first part of my writeup where I will do the first 4 challenges. It is very possible that I will make mistakes or take a longer path to the flag, so if you have any recommendation or correction, feel free to contact me by email or Twitter.