Official Fuse Discussion

Type your comment> @theonemcp said:

really stuck after getting the (hopefully complete) userlist. any nudge on getting password(s) would be appreciated :slight_smile:

same here

Rooted both User and System…User is not who you think it is…

man this initial foothold is really kicking my ■■■ lol seems like we only really have access to one thing and its a very basic thing that doesn’t seem to expose any useful info other than a few usernames. Can’t find any public exploits regarding it and even tried installing it on my own machine to explore, but the only interesting files there are not accessible on the HTB machine. Struggling to understand where people can have found credentials

Type your comment> @VbScrub said:

man this initial foothold is really kicking my ■■■ lol seems like we only really have access to one thing and its a very basic thing that doesn’t seem to expose any useful info other than a few usernames. Can’t find any public exploits regarding it and even tried installing it on my own machine to explore, but the only interesting files there are not accessible on the HTB machine. Struggling to understand where people can have found credentials

pb. :wink:

Type your comment> @VbScrub said:

man this initial foothold is really kicking my ■■■ lol seems like we only really have access to one thing and its a very basic thing that doesn’t seem to expose any useful info other than a few usernames. Can’t find any public exploits regarding it and even tried installing it on my own machine to explore, but the only interesting files there are not accessible on the HTB machine. Struggling to understand where people can have found credentials

I’m stuck at the same situation, I have usernames but I have no idea how to use them. Nothing seems to work. Any nudge would be appreciated!

I have found “valid” credentials, but not sure how I’m supposed to leverage them…

User Flag in the books…

And away we go @user0n3 @SanderZ31 … Lets see how long it takes to get a root flag. <poured myself a tall beer because i am sure this will be a long bumpy ride!>

Root- done.

Got user but struggling to pass to the second user… Anybody has a nudge?

Spoiler Removed

On my way to root! Kudos @SanderZ31 !

Yeah I’m also in the same boat.

I have usernames and have exhausted my options. Even been checking past machines! Nothing seems to work. Any nudge would be appreciated!

Is it just me or does something constantly reset the passwords of the account(s) that we have a password for? The passwords need to be changed, so I change the password and can successfully access some things but literally 20 seconds later it has changed back. I assume this is to make sure the box stays functional, but its making it super awkward to actually get anywhere for me and I feel like I’m cheesing it by resetting the password every few seconds. Doesn’t feel like the intended path…

Rooted! Cool box, enum has to be decent to get foothold. Enjoyed the privilege escalation part - a neat trick for real world if it comes up.

@VbScrub said:

Is it just me or does something constantly reset the passwords of the account(s) that we have a password for? The passwords need to be changed, so I change the password and can successfully access some things but literally 20 seconds later it has changed back. I assume this is to make sure the box stays functional, but its making it super awkward to actually get anywhere for me and I feel like I’m cheesing it by resetting the password every few seconds. Doesn’t feel like the intended path…

I wrote a script that automates the changing part and then this allows you to use the credential for open services. Once you are connected, you don’t need the password.

@pudii said:
I wrote a script that automates the changing part and then this allows you to use the credential for open services. Once you are connected, you don’t need the password.

Trouble is for me that’s not true. When I access S** or L*** with the new credentials, I get kicked out as soon as the password gets reset. Guess I need to look at connecting in some other way.

EDIT: Managed to just do quick enum between password resets and found the info I needed to get user flag

rooted. Fun box. I have also enjoyed priv escalation.

Cool box, learned some cool new things!

Type your comment> @VbScrub said:

@pudii said:
I wrote a script that automates the changing part and then this allows you to use the credential for open services. Once you are connected, you don’t need the password.

Trouble is for me that’s not true. When I access S** or L*** with the new credentials, I get kicked out as soon as the password gets reset. Guess I need to look at connecting in some other way.

EDIT: Managed to just do quick enum between password resets and found the info I needed to get user flag

You can connect by something else :slight_smile:

Root! Required some coding. Fun box!

Anyone also have problems with compiling the exploit using m***w?