Official Fuse Discussion

@scorpion4347 said:

need help!!!

There is a lot of help in this thread. What do you need help with?

@sibercan said:

When I try to compile .cpp files I get lots of errors about missing header files. Are there any other methods for those cross-compile actions, such as using Visual Studio or a native Windows machine to imitate the box? I need to improve myself on this issue. Thanks.

I used my Windows host for a lot of this. However, there was one file which defeated me because I suck at compiling cpp. A bit of research found an alternative which worked well though.

Finally got it… a small mistake… takes long.
If it's listening, wait for some time, don't close and start again… it takes time to respond!!
C:\Users\Administrator\Desktop>
thank you @TazWake

Having immense problems due to the reset of the pw after changing it. Even scripting the whole thing didn't help. I can change the pw, but when I try to access via rc*t, establishing the connection seems to take so long that the pw is already reset before the new pw can be used. I tried the same thing with smbmap, which connects much faster, and there it works alright. Does someone have the same issue, and if yes, have you found a solution to that problem? Please PM if you have some ideas about that. Thx.

finished !!

Spoiler Removed

Hello. I can’t get out of the user for days… I compile and run eopld*r.exe, but I get no output.
What should I modify in that exe file? Is it Image_path? I don’t even know what to fix.

@lee321 said:

Hello. I can’t get out of the user for days… I compile and run eopld*r.exe, but I get no output.
What should I modify in that exe file? Is it Image_path? I don’t even know what to fix.

There are a couple of other files you need to use with it - one of them has to be modified to point to your payload. It's the second exe which does the work, so there may be no output from this one.

Anyone else getting NTSTATUS: c0000034 when executing the loader?

Rooted. Very fun box that taught me a bunch of new very interesting things. Also made me work a little more than I usually have to for the root. Loved it.

I guess my least favorite part was the initial foothold because I never like brute-forcing but the rest of it was amazing.

Thanks to @egre55 for the box and @SanderZ31 for the nudges.

Feel free to PM me for nudges.

Root obtained. Managed to find a pre-compiled ver so I didn’t need to set up my own VM thankfully.

After going through multiple pages of this forum, I guess I am doing it wrong if I am running after ldap/smb!!!

I have compiled explxxxcxxcom, but how do I compile epxxxdriver.cpp in VS2019?
Please help.

Can someone give me a small nudge on how to move for user? I’ve been able to make initial creds work, dumped domain info and see to what user I have to move… but don’t see how. I tried krbs attack and tried to abuse the pnt*r sp**ler service without luck…

@ompamo said:

Can someone give me a small nudge on how to move for user? I’ve been able to make initial creds work, dumped domain info and see to what user I have to move… but don’t see how. I tried krbs attack and tried to abuse the pnt*r sp**ler service without luck…

You won't thank me for this but it depends which user you are in as…

If you use the first account to enumerate more you can find a way to access as the second account via a very stable evil tool. This second account gives access to the user flag.

Looking for a nudge on ELD****.exe: compiled it and it works properly on my machine. However, on the victim machine it is not working.

meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

Great box. Not so experienced with Windows, so it was a good learning experience of some core Windows functions. Thanks to @TazWake for taking the time to explain the difference between some clients.

Rooted!
Feel free to PM me for nudges.

Welp, for everybody struggling with c000004a, just try to input the full path for the .sys file. Wasted about 40 minutes trying to figure it out.
Thanks, @egre55, that was a really interesting thing and a lot of experience!

My head is spinning from that privesc. Foothold is just, well, foothold 101.
Great box.

May have been too much for me to absorb it all at once. I’ll need to try it from scratch again. Just not this week.