Can someone help me out with foothold? I found credentials but it says they expired. A bit stuck on what to do with them…
edit: nvm, found a use for them
When I try to load driver I get NTSTATUS: c000003b STATUS_OBJECT_PATH_SYNTAX_BAD error (as user s**-p****).
I compiled loader myself. Anyone knows why is that? I used full path to the c*m. file.
I suspect reg path is somehow wrong (Loading Driver: ???????\S-1-5...but don’t know why?
Could someone give me a nudge on initial foothold? Tried many enum for smb, ldap,kerb, and web dir, but got nothing… need a push in right direction…
thanks in advance
Type your comment> @shack said:
Could someone give me a nudge on initial foothold? Tried many enum for smb, ldap,kerb, and web dir, but got nothing… need a push in right direction…
thanks in advance
edit: found some users on pr… web service
Ugh. Stuck on initial foothold. Haven’t had much luck with rpcli** enum. Seen a few folks mention enum via the webapp. Is it supposed to be accessible? The port is open & the ip redirects to ‘http://fuse.fabricorp.local/papercut/logs/html/index.htm’ but its not accessible. Is it supposed to be?
Type your comment> @3xxu5 said:
Ugh. Stuck on initial foothold. Haven’t had much luck with rpcli** enum. Seen a few folks mention enum via the webapp. Is it supposed to be accessible? The port is open & the ip redirects to ‘http://fuse.fabricorp.local/papercut/logs/html/index.htm’ but its not accessible. Is it supposed to be?
add the line in your etc hosts file
10.10.10.193 fuse fuse.fabricorp.local
rooted 
some nudges
- 1° user: I didn’t like because is enumerate and that’s ok, but than to take some password you need to create a wordlist (is not a real machine, it’s a game)
- 2° user: remember the purpose of the box and enumerate the right place
- 3° user: enumerate and take a look on every things, then use google. Prepare some coffe cup because now you need some time for the last step
Rooted:
- foothold: start from 80 and enumerate to create a user and pass list;
- user.txt: be careful, maybe the password found is not immediately usable;
- root.txt: whoami /all track is the right one.
PM for more nudges
Can someone confirm that:
MSF winrm_login fails with the correct creds?
or someone has any idea why my meterpreter scanner says login failed with the correct creds??
Type your comment> @Rayz said:
Can someone confirm that:
MSF winrm_login fails with the correct creds?or someone has any idea why my meterpreter scanner says login failed with the correct creds??
with the CORRECT credentials, MSF work. Pay attention at the word CORRECT
are you run for the 2° user?
nope. first user…> @At1k1n said:
Type your comment> @Rayz said:
Can someone confirm that:
MSF winrm_login fails with the correct creds?or someone has any idea why my meterpreter scanner says login failed with the correct creds??
with the CORRECT credentials, MSF work. Pay attention at the word CORRECT
are you run for the 2° user?
first user, first shell.
dont know what happened with msf. it says failed for all my users.
manually login to winrm on the box i get a shell just fine.
smb_login also works just fine.
so i i guess its my MSF…
Type your comment> @sparrow1 said:
When I try to load driver I get NTSTATUS: c000003b STATUS_OBJECT_PATH_SYNTAX_BAD error (as user s**-p****).
I compiled loader myself. Anyone knows why is that? I used full path to the c*m. file.
I suspect reg path is somehow wrong (Loading Driver: ???\S-1-5…but don’t know why?
To answer my own question - there are warnings during compilation that need to be fixed (at least in VS 2019). Otherwise strings are not handled correctly and paths contain illegal characters.
Finally rooted 
Thank you @egre55 - I enjoyed this machine a lot, even though initial foothold was a bit cumbersome because of frequent account resets. I understand their purpose though - on free servers it would be machine resets galore without it. Very well thought out.
Can someone give me a nudge on root?
No errors running Eo*dv** , and imagepath is correct after checking in reg.
Just trying to test locally and I am getting zero errors but the d**v*r is not loaded…
Going insane here
Rooted.
@TazWake thanks for the nudge on the foothold.
Side-stepped compiling from the PoC’s by modifying an existing tool.
Not sure if that’s considered cheating in this case…
Can someone give me a nudge on the initial foothold? I swear I’ve enumerated every service to my ability. Literally don’t understand where I’m going wrong.
Just rooted this machine.
Wow, that was truly a fun journey. Thank you @egre55 for creating this challenge (Keep up the good work)
Also a big thank you to @TazWake for your nudges 
Type your comment> @magomed said:
Can someone give me a nudge on the initial foothold? I swear I’ve enumerated every service to my ability. Literally don’t understand where I’m going wrong.
Examine all that you can on the webpage. There are interesting things in there. Some words out of place maybe?
Type your comment> @MTOTH said:
Type your comment> @danielcues said:
Anybody else getting a “result was WERR_INVALID_NAME”?
I had the same issue, welcome to the club… Thanks for @SanderZ31 to helping me out
Recompiling and installing an older version of samba didn’t help either.
Sadly getting the same error - did you find a fix?
Type your comment> @sparrow1 said:
Type your comment> @magomed said:
Can someone give me a nudge on the initial foothold? I swear I’ve enumerated every service to my ability. Literally don’t understand where I’m going wrong.
Examine all that you can on the webpage. There are interesting things in there. Some words out of place maybe?
Thanks mate! Will look into it!
I have trouble compiling the EC file at the end, tips?
PM if you can give me a nudge 