Official Fuse Discussion

1678911

Comments

  • edited August 2020

    .

  • Hi, at a certain point I needed to use the command smbpasswd, but the passwordchange is not permanent ( nothing to do with a reboot ). How can I go over this problem ?

  • @hokapefr said:

    Hi, at a certain point I needed to use the command smbpasswd, but the passwordchange is not permanent ( nothing to do with a reboot ). How can I go over this problem ?

    Change frequently, script it or find a new account to migrate into.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • edited August 2020

    Solved it. If you can't get to root this box, then PM me details about the exploit you are willing to use, and I'll help you.

    limeternity

  • edited August 2020

    Spoiler Removed

    Scorpion4347

  • Much trial and error (and boat loads of learning and face palming) this one is checked off.... Great box (albeit frustrating).

    aut0exec

  • need help!!!

    Scorpion4347

  • When i try to compile .cpp files i get lots of errors about missing header files. Is there any other methods for those cross-compile actions such as using Visual Studio or a native Windows machine to imitate the box ?? I need to improve myself on this issue. Thanks.

  • @scorpion4347 said:

    need help!!!

    There is a lot of help in this thread. What do you need help with?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • @sibercan said:

    When i try to compile .cpp files i get lots of errors about missing header files. Is there any other methods for those cross-compile actions such as using Visual Studio or a native Windows machine to imitate the box ?? I need to improve myself on this issue. Thanks.

    I used my windows host for a lot of this. However, there was one file which defeated me because I suck at compiling cpp. A bit of research found an alternative which worked well though.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • finally got it....a small mistake ...takes long
    if its Listening wait for some time don't close and start again.....it takes time to respond!!
    C:\Users\Administrator\Desktop>
    thank you @TazWake

    Scorpion4347

  • having immense problems due to the reset of the pw after changing it. Even scripting the whole thing didnt help. I can change the pw but when I try access via r**c***t establishing the connection seems to take so long that the pw is already resetted before the new pw can be used. I tried the same thing with smbmap which connects much faster and there it works alright. does someone have the same issue and if yes have you found a solution to that problem ? please pm if you have some ideas about that. thx.

    zaphoxx

  • edited August 2020

    Spoiler Removed

  • edited August 2020

    Hello. I can't get out of the user for days.. I compile and run eopl***d****r.exe, but I get no output.
    What should I modify in that exe file? Is it Image_path? I don't even know what to fix.

  • @lee321 said:

    Hello. I can't get out of the user for days.. I compile and run eopl***d****r.exe, but I get no output.
    What should I modify in that exe file? Is it Image_path? I don't even know what to fix.

    There are a couple of other files you need to use with it - one of them has to be modified to point to your payload. Its the second exe which does the work, so there may be no output from this one.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Anyone else getting NTSTATUS: c0000034 when executing the loader?

  • Rooted. Very fun box that taught me a bunch of new very interesting things. Also made me work a little more than I usually have to for the root. Loved it.

    I guess my least favorite part was the initial foothold because I never like brute-forcing but the rest of it was amazing.

    Thanks to @egre55 for the box and @SanderZ31 for the nudges.

    Feel free to PM me for nudges.

    AviusX

  • Root obtained. Managed to find a pre-compiled ver so I didn't need to set up my own VM thankfully.

  • after through multiple pages of this forum, i guess i am doing it wrong if i am running after ldap/smb!!!!

  • i have compiled explxxxcxxcom but how to compile epxxxdriver.cpp in VS2019?
    please helpppppp

  • Can someone give me a small nudge on how to move for user? I've been able to make initial creds work, dumped domain info and see to what user I have to move... but don't see how. I tried k*rb***s attack and tried to abuse the pnt*r spler service without luck...

    ompamo

  • @ompamo said:

    Can someone give me a small nudge on how to move for user? I've been able to make initial creds work, dumped domain info and see to what user I have to move... but don't see how. I tried k*rb***s attack and tried to abuse the pnt*r spler service without luck...

    You wont thank me for this but it depends which user you are in as...

    If you use the first account to enumerate more you can find a way to access as the second account via a very stable evil tool. This second account gives access to the user flag.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

    Currently have very limited HTB time but will try to respond as quickly as possible.

  • Looking for a nudge on E**L***D*****.exe complied it and it works properly on my machine. However the victim machine it is not working.

  • meterpreter > getuid
    Server username: NT AUTHORITY\SYSTEM

    Great box, not so experienced with windows so it was a good learning experience of some core windows functions. Thanks to @TazWake for taking the time to explain the difference between some clients.

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • Rooted!
    Feel free to pm me for nudges

  • Welp, for everybody struggling with c000004a just try to input full path for .sys file. Wasted about 40 minutes trying to figure it out.
    Thanx, @egre55, that was a really interesting thing and a lot of experience!

    nopej0hnson

    PM for nudges, will be glad to help you.

  • edited October 2020

    My head is spinning from that privesc. Foothold is just, well, foothold 101.
    Great box.

    May have been too much for me to absorb it all at once. I'll need to try it from scratch again. Just not this week.

  • Rooted.
    User: when you find something try in other services. more and more and ..
    root: Think of it like a potato attack. "whoami is your friend."
    If you need some help, DM me.

  • looking for a nudge on foothold. I've just nmapped the box and I've found some users, not sure it's the right way to procede. dm me please :smile:

Sign In to comment.