Official Fuse Discussion

Shout out to TazWake for the nudge! Thanks! Finally rooted! It was starting to break me.

Type your comment> @TazWake said:

@aut0exec said:

Tried that as well and still get the same HTTPClient error… I’ve re-cloned evil, made sure to sync time, and made sure my system had most recent updates applied. Any other thoughts?

Often it means it cant find the target. Are you using IP or hostname?

Hey Taz, Using IP. TCPDump shows ‘some’ communication happening between Fuse and my box but it ultimately results in that error. If I put the wrong password I can get the error to change to an authorization error. So it seems like the boxes are talking? Even tried switching HTB zones and still seem to be getting the error.

Will look into trying hostname.

**** EDIT ****
No luck with hostname but a ms******** scanner was able to successfully log in with the user/pass combo I’m trying to use. However trying the same utility’s remote cmd plugin results in http 500 errors when using the valid credentials.

**** EDIT 2 ****
Reverted to snapshot and VM would still not connect. Gave up on my machine and went to HTB’s virtual machines and the evil-ness worked… Oh well… On to Root! If anyone has any ideas on what’s going on with my machines, I’m all ears!

Also, if someone could DM on how the root path was determined, I’d be appreciative as well. The only reason I’m aware of ‘how’ is due to folks leaving things on the box that gave away the answer… Not sure how one would have determined that e…cap…pp was the route though?

Can someone please help me with the pw reset. I have the creds and I thought I could do it with r*******t but I can’t get it to work. Using valid creds I can’t start the application for obvious reasons. When I use an empty username I get an access denied when trying to change the pw x(

Edit: I DID of course hit the interweb but came up empty…

@0xRand0m said:

Can someone please help me with the pw reset. I have the creds and I thought I could do it with r*******t but I can’t get it to work. Using valid creds I can’t start the application for obvious reasons. When I use an empty username I get an access denied when trying to change the pw x(

Edit: I DID of course hit the interweb but came up empty…

Search for the service (eg ***) and what you are trying to do. There is a page on www.***ba.org that shows the tool in detail.

Thank you! I finally found the right tool!!! The protocol suite is a pure nightmare xD

Type your comment> @MTOTH said:

Type your comment> @ericbosba said:

Hi.
ExxxxxtCxxcxx.exe end with a : “CreateProcess() failed”.
Anyone can help me please ?
EDIT : I did a mistake sorry.

Yes, the malicious thing didn’t load :slight_smile: 1st step is to load that :slight_smile: I had this error message earlier…

get same error, before this i load but idk i get this error :confused:

Easily the toughest “medium” box I’ve done here yet. User was much tougher than system, mostly because of a very annoying policy along with a need to move quickly.

I would recommend an install of CommandoVM for this one (and all Windows boxes, really). Having a native PowerShell can prove very handy.

I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.

@mswdr2 said:

I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.

Its hard to nudge this.

Do you have a list of usernames and your own wordlist?

If so, this is the path to getting initial access. You need to make sure you are trying them properly.

Type your comment> @TazWake said:

@mswdr2 said:

I have done enumeration and something I can see… i have put together a list and not getting anywhere with initial foothold. Can I please get a nudge… Thx in advance.

Its hard to nudge this.

Do you have a list of usernames and your own wordlist?

If so, this is the path to getting initial access. You need to make sure you are trying them properly.

Thanks… I understand why a nudge is hard on this one now…

.

Hi, at a certain point I needed to use the command smbpasswd, but the passwordchange is not permanent ( nothing to do with a reboot ). How can I go over this problem ?

@hokapefr said:

Hi, at a certain point I needed to use the command smbpasswd, but the passwordchange is not permanent ( nothing to do with a reboot ). How can I go over this problem ?

Change frequently, script it or find a new account to migrate into.

Solved it. If you can’t get to root this box, then PM me details about the exploit you are willing to use, and I’ll help you.

Spoiler Removed

Much trial and error (and boat loads of learning and face palming) this one is checked off… Great box (albeit frustrating).

need help!!!

When i try to compile .cpp files i get lots of errors about missing header files. Is there any other methods for those cross-compile actions such as using Visual Studio or a native Windows machine to imitate the box ?? I need to improve myself on this issue. Thanks.

@scorpion4347 said:

need help!!!

There is a lot of help in this thread. What do you need help with?

@sibercan said:

When i try to compile .cpp files i get lots of errors about missing header files. Is there any other methods for those cross-compile actions such as using Visual Studio or a native Windows machine to imitate the box ?? I need to improve myself on this issue. Thanks.

I used my windows host for a lot of this. However, there was one file which defeated me because I suck at compiling cpp. A bit of research found an alternative which worked well though.