Hack The Box :: Nest

#xattr #ADS #VB #.NET #AES-CBC #PBKDF2

noobintheshell
9 min read · Jun 6, 2020


Nest is an Easy Windows box created by VbScrub. It was released on January 25th, 2020 and retired on June 5th, 2020. The users rated the difficulty 5.2/10 and gave an appreciation score of 4/5.

Nest Info Card

TL;DR

We access some SMB shares anonymously and retrieve an HR email template containing a temporary user password. That user has broader access and can read a number of XML configuration files in the IT share. They leak the encrypted password of the user C.Smith as well as a subfolder of the share Secure$. We mount that subfolder and retrieve the source code of a custom application, RU Scanner, that reads the config file with the encrypted password. The password is encrypted with AES256-CBC, with the key derived from a passphrase using PBKDF2. We decrypt the user password and retrieve the user flag from the Users/C.Smith shared folder. A custom service is also running. It lets us explore the file system and read files if we have the password to enable its debug mode. We find an empty file in C.Smith's folder that contains the debug password in its extended attributes (or streams). We activate the debug mode in the…
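The password storage scheme summarized above (PBKDF2-derived key, AES-256-CBC, ciphertext kept in a config file), as an added Node.js example that is not code from the original post or from RU Scanner. The passphrase, salt, iteration count, IV and the choice of HMAC-SHA1 are constructed assumptions; the point is that when these constants ship with the application, the stored value is reversible by anyone who can read them, and a fixed IV makes equal passwords produce equal ciphertexts.

```javascript
// Added example. Every constant here is constructed, not a value from the Nest box.
const nodeCrypto = require('node:crypto');

// Parameters an application of this kind embeds in its source (all assumed).
const APP_PARAMS = {
  passphrase: 'example-passphrase',
  salt: 'example-salt',
  iterations: 1000,
  iv: '0123456789abcdef', // 16 ASCII bytes = one AES block, fixed for every encryption
  keyBytes: 32,           // 256-bit key for AES-256
  digest: 'sha1',         // assumed PRF for PBKDF2
};

// PBKDF2 stretches the passphrase into the AES key. The output depends only on
// the parameters, so whoever holds them holds the key.
function deriveKey(p) {
  return nodeCrypto.pbkdf2Sync(p.passphrase, p.salt, p.iterations, p.keyBytes, p.digest);
}

// What the application would write to its config file: base64(AES-256-CBC(password)).
function encryptForConfig(plaintext, p) {
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', deriveKey(p), Buffer.from(p.iv, 'ascii'));
  return Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]).toString('base64');
}

// What any reader of the source constants can do with the stored value.
function decryptFromConfig(b64, p) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', deriveKey(p), Buffer.from(p.iv, 'ascii'));
  try {
    const raw = Buffer.concat([decipher.update(Buffer.from(b64, 'base64')), decipher.final()]);
    return raw.toString('utf8');
  } catch (err) {
    return null; // PKCS#7 padding check failed: wrong key or corrupted data
  }
}

const stored = encryptForConfig('Constructed-Passw0rd', APP_PARAMS);
console.log('config value  :', stored);
console.log('recovered     :', decryptFromConfig(stored, APP_PARAMS));
// Fixed key + fixed IV: the same password always encrypts to the same blob.
console.log('deterministic :', encryptForConfig('Constructed-Passw0rd', APP_PARAMS) === stored);
```

Storing a credential this way protects it only from readers who lack the source or binary; a per-secret random IV and a key held outside the application (for example in an OS-protected store) remove both weaknesses shown here.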


noobintheshell

Cyber Security Professional and CTFer from Switzerland.