Hackthebox Fuse writeup – 10.10.10.193
Use the NTLM root hash 3**************************4e to unlock the writeup.
Hackthebox fuse wrietup
Use the NTLM root hash 3**************************4e to unlock the writeup.
Hackthebox fuse wrietup
It is a great box from Hackthebox it starts with rpc enumeration followed by the brute forcing of smb login.For the privilege escalation DC sync attack was the easy way.
It is centered around Smb service .We get creds of temp user after little enumeration on smb.Through that user we get another user password hash.Which we decrypt through a custom vb script……….
It is a medium level box which has smb ports open .And on little enumeration we get creds for a user.Which in real are correct for other user.Then we get Another creds in a hidden script .Followed by the Using Dnsadmin Privileges to set our malicious .dll payload to get the root.
It involves directory enumeration followed by finding new site.Then exploiting openerm followed by getting creds with Memcached.Then a simple privilege escalation by docker
This machine is currently active on hackthebox wait until it gets retired or if you have owned it then you need to get the Administrator NTLM hash or the root password hash from the file /etc/shadow file
It involves directory fuzzing and then exploiting a python function followed by some crypto.And root was interesting did it in two ways .