Official Fuse Discussion

@ntroot said:

Can someone please pm how to get shell on this box… I have usernames and password, i know how it works and why so short, i know how to make it work again, can list pesky domain shares with nothing in them. Tried getting shell with imp****s tools but all are access denied. With what do i get shell here ?? Please PM me any hint, thanks!

If you can connect to a share, there is a client tool which you can use to enumerate various bits of technology which relate to the box.

From here you can find some credentials which give you a more stable bit of access via Evil.

If anyone is willing to PM a nudge regarding escalation to root it would be very much appreciated. Three days of looking at the same things with no progress tell me I may be over complicating it. Many thanks!

@11o said:

If anyone is willing to PM a nudge regarding escalation to root it would be very much appreciated. Three days of looking at the same things with no progress tell me I may be over complicating it. Many thanks!

I put it off for a long time because I thought it would be super hard. It turns out it isn’t.

Enumerate your account. Google the things it can do and one of them takes you to a page talking about how you can use it to privesc. Follow the advice there. (Unlike me who misread it and spent four hours trying to work out what was going wrong)

@TazWake, thanks for the advice, I’ll give that a go. It sounds (and definitely feels) like I’m in a rabbit hole at the moment.

i need a nudge in rpc*** part

Anybody else getting a “result was WERR_INVALID_NAME”?

Rooted.

Thank you to @TazWake for unsticking me and to @egre55 for a cracking learning experience. On to the next one.

Can someone DM with a nudge on initial foothold. I’ll let you know what I have tried.

@danielcues said:
Anybody else getting a “result was WERR_INVALID_NAME”?

I got that many times, wasn’t sure if it’s intended or not though. Tried all of the related enum around there that I could find with no luck. Looking manually in the share instead.

Got stuck at the root part, I know how to elevate it but the problem is when executing EC.** it isn’t working . I even modified the EC.** to execute r*sl instead of C but not working . Any help would be much appreciated and feel free to DM me

Finally Rooted!

It was a good box with some twist, learned something new, thanks @egre55.

PM for the nudge!

Type your comment> @danielcues said:

Anybody else getting a “result was WERR_INVALID_NAME”?

I had the same issue, welcome to the club… Thanks for @SanderZ31 to helping me out :slight_smile:

Recompiling and installing an older version of samba didn’t help either.

Sorry to say that but this was the worst machine in my life.

The user part was no sense. Absolutely.
The root part was only about compiling, I compiled 300 times the “loader” and it hasn’t worked, even the precompiled binaries that you can find online aren’t working.
I got the binary from a friend after struggling for one day.

If you were able to compile the “loader” (NOT THE EXPLOIT) I will be really happy to know how. PM me pls.

The only thing that this machine is teaching is that Capcom is evil.

This machine is giving me a headache. Especially with VS2019 in the mix. All good, I get it, its best to compile source code on the intended system/architecture. I was able to compile ELD***.cpp, no problems. However, for compiling E****C*****.cpp, I downloaded the master branch and just opened the .sln file, modified correct portion for my rev shell. It compiled successfully and I have the resulting executable, but I am receiving CreateFile Failed. HITS HEAD AGAINST WALL Any ideas?

Just wanted to mention: for foothold, you may want to strip out some file-extensions from your wordlist…

@termtype your problem is in the ELD***.cpp compilation. I’m 99,9999% sure.

Type your comment> @davihack said:

@termtype your problem is in the ELD***.cpp compilation. I’m 99,9999% sure.

Yes sir, you’re correct. I was able to get SYSTEM finally.

root@kali:~# nc -nvlp 443
listening on [any] 443 …
connect to [10.10.14.29] from (UNKNOWN) [10.10.10.193] 52049
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\Users\svc-print\Documents>whoami
whoami
nt authority\system

Got it!!! Much respect and props goes out to my fellow h4x0r’s: @bigFish43 , @r0kit, @hmadrwx, and @zer0bubble. w00t!

Please feel free to hit me up for hints/nudges. w00t!

@Taylur Pm me if you are still stuck.

Type your comment> @termtype said:

This machine is giving me a headache. Especially with VS2019 in the mix. All good, I get it, its best to compile source code on the intended system/architecture. I was able to compile ELD***.cpp, no problems. However, for compiling E****C*****.cpp, I downloaded the master branch and just opened the .sln file, modified correct portion for my rev shell. It compiled successfully and I have the resulting executable, but I am receiving CreateFile Failed. HITS HEAD AGAINST WALL Any ideas?

Have the same issues!!! Any help would be much appreciated