Official Fuse Discussion


Comments

  • I am losing my fucking mind

  • Can someone help me load this god damn driver

  • @sparrow1 said:

    @magomed said:

    Can someone give me a nudge on the initial foothold? I swear I've enumerated every service to my ability. Literally don't understand where I'm going wrong.

    Examine all that you can on the webpage. There are interesting things in there. Some words out of place maybe?

    Thanks mate! Will look into it!

    PM for nudges, I'm almost available 24/7.

  • I have trouble compiling the E******C****** file at the end, tips?

    PM if you can give me a nudge :p

  • Why was I able to jump from initial shell to root ??
    user2 was totally skipped.

    some member messed up the user privs??
    can someone confirm??

    Rayz

  • edited July 10
    I am stuck at user and would need a sanity check. I think I know what to do to get to the next step but it seems my connection is too slow with s*b and everything is reset before I can make use of the change. If someone could please PM me, I will explain what I am trying to do.

    zaphoxx

  • @nav1n said:

    IMHO, this box didn't get the fair rating, it should have got the rating "hard". For me it was harder than Blackfield because it was a straightforward machine. But, Fuse is NOT.
    I believe, if the machine requires a custom exploit or some lines of coding, that should be considered a "hard machine". Thank you @egre55 for the great fun-filled ride.

    This makes me feel less stupid, hahah!

    PM for nudges, I'm almost available 24/7.

  • I found the password but when I tried to use that password with the usernames found, no username and password combination works. I am getting this error.

    Error: An error of type WinRM::WinRMAuthorizationError happened, message is WinRM::WinRMAuthorizationError

    Error: Exiting with code 1.

    What am I doing wrong here? :confused:

    If I helped you and tried to explain it to you, just give me a respect. Click on the img to get my profile link!
    Profile : https://www.hackthebox.eu/home/users/profile/17564

  • edited July 11

    Can somebody help me with compiling the exploit. I am using VS 19 but after executing .exe I get no output at all.

    Edit: rooted. I was compiling it in a wrong way.
    Generally it is a very bad box (before the root part). Initial foothold and user are absolutely kings of CTF style, which is pretty bad because people on HTB are looking to learn real skills and not to solve puzzles. This is at least the third box with a password hidden on a page among the last couple of machines that I solved. Did the author really think that there are passwords hidden between the lines or is it just his wet dreams?

  • @Rayz said:

    Why was I able to jump from initial shell to root ??
    user2 was totally skipped.

    some member messed up the user privs??
    can someone confirm??

    That's just the way it is, the privs are legit don't worry ;)
    Nobody messed up with the user privs :)

    'These violent delights have violent ends'

  • @zaphoxx said:
    I am stuck at user and would need a sanity check. I think I know what to do to get to the next step but it seems my connection is too slow with s*b and everything is reset before I can make use of the change. If someone could please PM me, I will explain what I am trying to do.

    The resets are normal :), u just need to use what u have with the right service.

    'These violent delights have violent ends'

  • @sn0b4ll said:

    @MTOTH said:

    @danielcues said:

    Anybody else getting a "result was WERR_INVALID_NAME"?

    I had the same issue, welcome to the club.... Thanks to @SanderZ31 for helping me out :)

    Recompiling and installing an older version of samba didn't help either.

    Sadly getting the same error - did you find a fix?

    Sure. Do.not.use.hostname!

  • idk why I can't get a shell after running ex*****a****.exe!

  • @falsepromise said:

    idk why I can't get a shell after running ex*****a****.exe!

    It depends on what u have done with the code..

    'These violent delights have violent ends'

  • As the author of the box I’m happy to discuss any questions you have about realism @VoltK

    If anything the root is the most unrealistic component, due to how Microsoft has changed the behavior in later releases of Windows, you are less likely to see this in many environments.

    User is very realistic and something you see in real environments.

    I accept that foothold is contrived to a certain extent, but if you gain a foothold on such a device, even the names might be insightful, in terms of company-specific language/vocabulary

    egre55

  • @egre55 said:

    As the author of the box I’m happy to discuss any questions you have about realism @VoltK

    If anything the root is the most unrealistic component, due to how Microsoft has changed the behavior in later releases of Windows, you are less likely to see this in many environments.

    User is very realistic and something you see in real environments.

    I accept that foothold is contrived to a certain extent, but if you gain a foothold on such a device, even the names might be insightful, in terms of company-specific language/vocabulary

    Totally agree. And as a professional pentester, I can confirm that this kind of information leakage (and the resulting "breach") are all too common. Especially with larger infrastructures, you WILL find passwords for all kinds of services and users that are derived from publicly available information about the target.
    Due to the limited attack surface (usually, a single system), the foothold always has to be slightly "crafted", but on this box it is a very tiny "slightly".


    GREM | OSCE | GASF | eJPT

  • For anyone that doesn't get any output from the first executable, but it still works locally - make sure you compile that in the same build as the second executable under a different name.

    v1ew-s0urce.flv

  • edited July 14

    Spoiler Removed

  • @n00baaa said:

    So, is this a problem with the machine itself or an exploit attack?

    I think it is an issue with the way you've run the exploit.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @HomeSen said:

    @egre55 said:

    As the author of the box I’m happy to discuss any questions you have about realism @VoltK

    If anything the root is the most unrealistic component, due to how Microsoft has changed the behavior in later releases of Windows, you are less likely to see this in many environments.

    User is very realistic and something you see in real environments.

    I accept that foothold is contrived to a certain extent, but if you gain a foothold on such a device, even the names might be insightful, in terms of company-specific language/vocabulary

    Totally agree. And as a professional pentester, I can confirm that this kind of information leakage (and the resulting "breach") are all too common. Especially with larger infrastructures, you WILL find passwords for all kinds of services and users that are derived from publicly available information about the target.
    Due to the limited attack surface (usually, a single system), the foothold always has to be slightly "crafted", but on this box it is a very tiny "slightly".

    I just want to add to this - because I quite strongly agree with @HomeSen and @egre55.

    Although I am not a pentester, I work in incident response and I've lost count of the number of events which have been a result of the kind of issue presented here. It's why the tool most people will have used exists and why recon is a critical step taught on every pentest course.

    While the privesc is a bit unrealistic for an organisation with a well patched, up-to-date environment, in 2020 I've seen organisations with Windows 2000 Active Directory servers...

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited July 14

    I tried to build E-L--D--.cpp with VS2019. The build was successful, but there is no output when I run E--L--D--.exe on the machine. If someone successfully compiled E--L--D--.cpp, please DM me.
    I want to know where the problem is.
    thank you!

  • edited July 16

    Root: For those who are facing problems with the E*LD.cpp update,
    Hope this is not considered a Spoiler!!!

    1 - Download the project to your windows machine. Unzip it.
    2 - Open VS2019
    3 - Open file E******C****m.sln
    4 - Open file .cpp and update it accordingly (look at this code approach: https://cboard.cprogramming.com/windows-programming/109024-createprocess-plus-command-line.html)
    5 - Compile!!!!!!
    6 - Upload the .exe and the recommended files to the server and shoot!!!

    Just rooted!!!

  • @egre55 said:

    As the author of the box I’m happy to discuss any questions you have about realism @VoltK

    If anything the root is the most unrealistic component, due to how Microsoft has changed the behavior in later releases of Windows, you are less likely to see this in many environments.

    User is very realistic and something you see in real environments.

    I accept that foothold is contrived to a certain extent, but if you gain a foothold on such a device, even the names might be insightful, in terms of company-specific language/vocabulary

    Respect to the box creator @egre55. The box is real; enum and recon are real world. Vulnerabilities can be patched, not humans.

  • @AangAirBender said:
    > Root: For those who are facing problems with the E*L**D**.cpp update,
    > Hope this is not considered a Spoiler!!!
    > 
    > 1 - Download the project to your windows machine. Unzip it.
    > 2 - Open VS2019
    > 3 - Open file E******C****m.sln
    > 4 - Open file .cpp and update it accordingly (look at this code approach: https://cboard.cprogramming.com/windows-programming/109024-createprocess-plus-command-line.html)
    > 5 - Compile!!!!!!
    > 6 - Upload the .exe and the recommended files to the server and shoot!!!
    > 
    > Just rooted!!!
    

    This was very helpful while getting the root.

    Thanks @TazWake @acidbat @Chobin73 for the nudges

    Finally rooted.

    PM if you need help.

  • @blacViking said:

    @AangAirBender said:
    > Root: For those who are facing problems with the E*L**D**.cpp update,
    > Hope this is not considered a Spoiler!!!
    > 
    > 1 - Download the project to your windows machine. Unzip it.
    > 2 - Open VS2019
    > 3 - Open file E******C****m.sln
    > 4 - Open file .cpp and update it accordingly (look at this code approach: https://cboard.cprogramming.com/windows-programming/109024-createprocess-plus-command-line.html)
    > 5 - Compile!!!!!!
    > 6 - Upload the .exe and the recommended files to the server and shoot!!!
    > 
    > Just rooted!!!
    

    This was very helpful while getting the root.

    Thanks @TazWake @acidbat @Chobin73 for the nudges

    Finally rooted.

    PM if you need help.

    Glad to know that it helped!!!!!

  • edited July 21

    I feel like an idiot. I've got everything compiled, but I cannot for the life of me get the files onto the target.
    I've got an evil-winrm session, but every command I try returns with "host cannot be found" when I try to pull the files from my machine to the target.

    (EDIT: using IPs and not hostnames)
    (EDIT2: Nope, I am an idiot. Got it resolved, and got root.)

  • edited July 19

    I would like to know why I didn't connect, it stopped here ..

    listening on [any] 4444 ...
    connect to [10.10.15.106] from fuse.fabricorp.local [10.10.10.193] 52557

    nevermind

    Why 50 53R10U5

  • @Jk3r16 said:

    I would like to know why I didn't connect, it stopped here ..

    listening on [any] 4444 ...
    connect to [10.10.15.106] from fuse.fabricorp.local [10.10.10.193] 52557

    NEVERMIND My bad

    Why 50 53R10U5

  • edited July 25
    Is anyone else having a problem with clock skew? I tried syncing my machine with the NTP server, but then that screws up OpenVPN and I lose connection to the whole network. Is there another way short of running a VM in my VM?

    Edit: I'm dumb. I was trying to connect to a service to do a step, and I didn't need to. There was another, probably more commonly used way to do what I needed. Got user.

    Cyberpathogen

  • Rooted, nice box. Thanks to the creator @egre55.
    If anyone would like help, DM me or catch me on Discord.

    =======================================================================

    If what I send is helpful please consider clicking the 'give respect' button :-)
