Official Fuse Discussion

Initial foothold:
is about enumerating and making a list…

Root:
You need to use a special software.

Ping me if you need any nudge.

Finally Rooted…what a machine…!! It’s all about enumerating the box and identifying the purpose of the box…!!

And Rooted!

That was a crazy ride…Definitely learned some things and had to step outside of my comfort zone on a few things. Glad that it is over, and oddly looking forward to another one from @egre55.

Thanks to @matheusbrat @syro @M3noetius and @algernope for pointing me in the right direction through this journey.

DM me on Discord @v3r1t4s06 if you are having trouble. Cheers!

Rooted…with complains.
The foothold indeed was a good sneaky thing…thanks to @SanderZ31 for pullinge me out of swamps.
Root is a totally different thing.
No, really, this is not at all something that depends of the “hardness” of a “medium” box.
I’m not into the argument that you need a win box to go ahead: this is ok. If you want to exploit windows you must have some grip on MS, then sometimes using windows is a “must”.
The point is that what you need to go ahead is an “ability” not linked at all neither to the vulnerability itself nor to the capability to spot out a path to root and not even on the understanding of windows internals.
Am I really expected to spend days debugging my own rig to root a “medium” box just because this git compiles only on that specific platform? :confused:
Thanks also to @ellj for addressing me to the binaries: you probably also saved my marriage!! :lol:

Rooted. Foothold is very similar to one of the recent box released. Check out your notes if you have taken down. Complained initially because the box doesn’t seemed to work the way I thought it supposed. Solved after reset once.
Root process was slightly difficult for me. Follow the comments closely you know VS helps in code compilation. Broad concept for root process is also similar to one of the recent box released too.
If you see something strange, google it. You will eventually know the path to root. Thanks to box creator :slight_smile:

For anyone struggling with the reset, take a look at autoexpect. Makes it a breeze :wink:

Rofl, i’m connected to smb but enum for user part make me crazy…

Can someone give me a nudge please ? :cry:

Edit : Feel stupid, thanks for the nudge :slight_smile:

I am lost - did dig the additional host detail etc and have the usersin a list. lost on next steps if anyone can nudge me on next steps - pretty please

Type your comment> @Somnus said:

OK VS is now driving me insane.

I think i have a character set or similar problem and have no idea where to start looking to fix it.

some how

#define FOO _T(“\\ab\\”) in source translates into ?? on console and 慜屢 in the final destination.

If any one understands my vague description or how to force VS to behave I would appreciate a hint/nudge/hand

OK so finally got this working after giving up on the #define FOO _T(“\\ab\\”) sections and basically doing a find and replace /hard coding the variables within the source file.

Wow this machine was hard, the initial foothold makes me feel a bit disappointed about my enumeration skills, but at the end I could understand that everything in it was new to me, so thanks to @egre55 for uploading it.

Also thanks to @ferreirasc for helping me in the Initial foothold of this one, without your hints, I could never finish it

My Hints:

User:

  • The famous tool is not smart enough to extract what you need from the site, so do it manually (I could achieve this thanks to @ferreirasc )
  • Machines without a monitor are also important (I also could achieve this thanks to @ferreirasc )

Root

  • You are more powerful than you could think

You can delete this post if you consider it spoiler

Rooted. After two night of attempt …
I did not appreciate the obligation relating to the VS.
Excluding this detail, a good experience.
Thanks to @egre55 for this nice box

Finally got round to trying to get root on this and was successful fairly quickly (once I’d rewritten one of the PoC tools in VB of course). Pretty much just look at what your account is allowed to do, google it, and you’ll find some examples and code to help.

I don’t really agree with people saying that needing to use VS is a problem. The free version will do everything you need.

At the end of the day HTB exists to help you learn/practice real world hacking techniques, and if one of those techniques requires you to install a completely free piece of software on the world’s most common desktop OS, I don’t think HTB should feel like they have to avoid that.

In a real world pentest, you can’t expect your customers network to be tailored specifically to the OS and tools you prefer using. If you’re attacking Windows machines, I think its perfectly reasonable to expect you to have a Windows machine and be willing to use a free tool like VS. If you don’t like that then maybe stick to attacking the Linux boxes

Type your comment> @VbScrub said:

Finally got round to trying to get root on this and was successful fairly quickly (once I’d rewritten one of the PoC tools in VB of course). Pretty much just look at what your account is allowed to do, google it, and you’ll find some examples and code to help.

I don’t really agree with people saying that needing to use VS is a problem. The free version will do everything you need.

At the end of the day HTB exists to help you learn/practice real world hacking techniques, and if one of those techniques requires you to install a completely free piece of software on the world’s most common desktop OS, I don’t think HTB should feel like they have to avoid that.

In a real world pentest, you can’t expect your customers network to be tailored specifically to the OS and tools you prefer using. If you’re attacking Windows machines, I think its perfectly reasonable to expect you to have a Windows machine and be willing to use a free tool like VS. If you don’t like that then maybe stick to attacking the Linux boxes

Totally agree with you. We need to adapt and I would say even more it is all the interest of this platform to discover different techniques, tools, methodology etc…

Type your comment> @VbScrub said:

Finally got round to trying to get root on this and was successful fairly quickly (once I’d rewritten one of the PoC tools in VB of course). Pretty much just look at what your account is allowed to do, google it, and you’ll find some examples and code to help.

I don’t really agree with people saying that needing to use VS is a problem. The free version will do everything you need.

At the end of the day HTB exists to help you learn/practice real world hacking techniques, and if one of those techniques requires you to install a completely free piece of software on the world’s most common desktop OS, I don’t think HTB should feel like they have to avoid that.

In a real world pentest, you can’t expect your customers network to be tailored specifically to the OS and tools you prefer using. If you’re attacking Windows machines, I think its perfectly reasonable to expect you to have a Windows machine and be willing to use a free tool like VS. If you don’t like that then maybe stick to attacking the Linux boxes

I totally agree with you. We need to know both sides. Linux and windows… and more

i got a list of users and have tried to enumerate with them but cant find a path for the initial foothold, can someone please give me some direction?

***UPDATE - i was able to get creds

got user …
thanks to @ferreirasc for making me try again, i have it; but not use info correctly.

Would appreciate a nudge towards initial foothold. I have a list of users which I put together manually via enumeration of the app, and I am able to confirm that they are valid users, but can’t seem to get beyond that.

I noticed that r******* allows logging in without anything, but the actions I can perform are very minimal.

EDIT: Got initial foothold, even if you are being cool make sure to be cool with the right flags.

Type your comment> @adnanthekhan said:

Would appreciate a nudge towards initial foothold. I have a list of users which I put together manually via enumeration of the app, and I am able to confirm that they are valid users, but can’t seem to get beyond that.

I noticed that r******* allows logging in without anything, but the actions I can perform are very minimal.

Check all the commands you can use inside the tool r*****e*t and you will get a hit when you notice.

Do you need to get User2 after getting the user.txt flag in order to proceed further ? If so, I’d appreciate a hint, I’m kinda stuck at this point.

Thanks !

Type your comment> @Chobin73 said:

Rooted…with complains.
The foothold indeed was a good sneaky thing…thanks to @SanderZ31 for pullinge me out of swamps.
Root is a totally different thing.
No, really, this is not at all something that depends of the “hardness” of a “medium” box.
I’m not into the argument that you need a win box to go ahead: this is ok. If you want to exploit windows you must have some grip on MS, then sometimes using windows is a “must”.
The point is that what you need to go ahead is an “ability” not linked at all neither to the vulnerability itself nor to the capability to spot out a path to root and not even on the understanding of windows internals.
Am I really expected to spend days debugging my own rig to root a “medium” box just because this git compiles only on that specific platform? :confused:
Thanks also to @ellj for addressing me to the binaries: you probably also saved my marriage!! :lol:

Agreed