Mounting VHD Files and Windows Privilege Escalation | HackTheBox Bastion | CREST CRT Track
HackTheBox Bastion was a reliable easy-to-use box that presented just a few minor difficulties, such as mounting a VHD from a file sharing and regaining access to a password vault program. It begins, somewhat strangely, without a website and instead uses vhd images stored on an SMB share. Once mounted, these images give access to the registry hive needed to get credentials. These credentials enable the user to ssh into the host. We’ll exploit the mRemoteNG installation to pull the profile data and encrypted data, then demonstrate multiple techniques to decrypt those in order to gain administrator access. We can ssh in as administrator after We figure out the administrator password.