Official Blunder Discussion

Official discussion thread for Blunder. Please do not post any spoilers or big hints.


Comments

  • seems pretty quiet...

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Love that HTB finally started doing official threads for machines and then no one uses it :lol:

  • Nice to see an official thread. Is this going to be a thing now?

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • I think so. Worth keeping an eye out to see if there is anything formal from HTB in the next few days.

    If nothing else, hopefully, it will help keep discussions in easy to find places.

    TazWake


  • I hope so. Makes sense when every machine ends up getting a thread created for it

  • hey any nudge for login page

  • Cool. I'll keep an eye out in the future.
    Since this is a Blunder thread, I'll just add that it's a fun box so far. Foothold was pretty easy for me, but so far privesc is making me feel stupid.
    But it's a good thing.
    Right? :smile:

    jiggle


  • @jiggle said:

    Cool. I'll keep an eye out in the future.
    Since this is a Blunder thread, I'll just add that it's a fun box so far. Foothold was pretty easy for me, but so far privesc is making me feel stupid.
    But it's a good thing.
    Right? :smile:

    bro can i pm me

  • Since this is the "official" Blunder forum, I'll post that I'm available for nudges here, too.

    Let me know where you are and what you've tried

    marlasthemage

  • This box is all about proper enumeration. Initial foothold all the way to root. It is an easy box. Most people struggle on the foothold, use the appropriate tools and you will find everything you need. The rest is some googling and following the bread crumbs.

    PM for nudges, but please try on your own.

  • Thought it was a good box that took much longer because it was the first day and several people were crushing it with scans but fun as always!

    Mentioned in the other thread but will mention here too that I completed this box and you can PM for nudges.

  • Rooted!!

    Foothold: go*****r was my friend. I would recommend looking for common extensions. There is a way around the lockout, just learn how to b****s it. To find the password you need to be cool and look in front of you.

    User: Enumeration is key as files often contain juicy nuggets.

    Root: You can run a common enumeration script for this but first check for what p*******s and permissions you have. Do these things have a way to circumvent them?

    PM for a nudge.

  • edited May 31

    Surprisingly good, when the box wasn't being crushed by all the scans.

    Both foothold and root are very much 'you see it or you don't'. If you see it immediately, it may seem trivial. If you don't, like I did, you're probably going to have to grind a bit needlessly. If that happens, you should probably take a break and come back to it with fresh eyes.

    Foothold: use a light touch.
    User: enumerate.
    Root: stop trying so hard and think.

  • Thanks to @egotisticalSW for this machine. Don't know why, but overthinking easy machines always makes them feel more difficult.

    Initial Foothold

    • Basic web enumeration

    User

    • Looks like they have a newer one. What can I find there?

    Root

    • Hashtag pwn!

    If this is a spoiler remove it

  • Cool box, teaches you some key fundamentals. Brute forcing isn't necessary, look for suspicious things. Keep enumerating once you're in, I had to use a different resource than normal to get to user. Google will help with root too if you're not familiar.

  • edited May 31

    Someone saved screenshots in one of the directories that show the root flag. It wasn't there the last time I worked on this box. Seems like the creator of the box did it. Accessible by browser, but I am still confused as to why it shows up just now.

  • Rooted - took me 3 hours, wish I had done this yesterday! Feel free to message me if you need a nudge. Only hint I can think of right now is that almost every answer is right in front of you.

  • edited June 1

    Finally got a foothold after missing some crucial info.
    Trying to move to user and wondering how to go about it. Used the ms module for a shell. Found the newer version and wondering if I need to crack the info in the d********/u****.p** for H*** user or if this is the wrong way to go. I've tried rocking it but have had no luck. Wondering if this version uses sha1 as well.

    any nudges would be greatly appreciated

    EDIT: wow. not in any wordlists. thanks @TheT3rminat0r

    zweeden

  • rooted - message me if you need a small hint or nudge. glad to help anyone especially who is having a hard time getting a foothold.

    I tried making my own list of things and using them to get a foothold with a bunch of different tools. Many many hours wasted.

    Ultimately, half of the answer was in front of my eyes the whole time. Don't overlook it. Literally.

    The other half was a little fuzzy.

    Once you have user don't get discouraged by what you can't do, try to upgrade your session. Also, don't trust automated tools to find juicy things for you. Try enumerating on your own. Nothing fancy or complicated, look simple. Maybe just remember to redirect your errors to /dev/null so it's easier to parse, so you're not having to scroll through a bunch of permission denied errors.

    This is my first forum post, please let me know if anything needs to be redacted. Tried to write it to be vague enough, but to also keep the spirits up of others who hit the same barriers as myself.

    algernope
    I love helping newcomers. If you send a message, include the things you already tried.
    Please be patient for replies, I do my best to reply to everyone.

  • Rooted. Nice Easy Machine
    Foothold: Fuzzing should help you with the username. Fuzz with multiple common extensions. Then you can create your own script to brute force password. Remember wordlist is right in front of you.

    User: Basic manual enumeration. New is better.

    Root: Easiest of em all. Don't think too much. Look for common Linux privilege escalation attack vectors and try them all. There was a recent CVE for a common binary in Linux. Hope this is not too much. DM for nudge

  • Finally rooted this box. I am very new to this so a huge thanks to @Ja4V8s28Ck @zer0bubble for the subtle and not so subtle nudges to get me going in the right direction.

    There are a lot of red herrings in this box. Try not to get stuck on something for too long. It's probably not the right way...

    kinryu

  • edited June 1

    No list or automated tool is mandatory or required for one half of the foothold.

    Simple attention to detail and half of the foothold is right in front of you, ready to use.

    Granted, it took me hours to realize this.

    Edit: Thank you to the kind users who provided gentle nudges without spoiling the experience.

    algernope

  • edited June 1

    Spent hours trying to get username/password.

    Thanks a lot to @algernope for a hint on a password. It really was in front of my eyes all the time.

    After getting to log into b****r, it took me 5 minutes to user and another 5 to root. Looks like I could be better at enumeration.

  • edited June 1
    Rooted this one.
    Initial foothold guess part should have some stepping stones along the way. (Names are powerful)
    User part is easy. (People always love newer things)
    Root part is in 5 seconds. (Normal checkup for privesc).

    Thanks @blackmonster7 for the nudge on decrypting part.

  • If anyone did the initial shell with manual exploitation, please ping me.

  • Cool, this is how it's supposed to be.

  • Just rooted the box.
    Easy box. Thanks to @egotisticalSW for creating such a cool and nice box.

    If anyone needs a hint, message me.

  • edited June 1

    DM for tips
    h1pno

  • edited June 1

    Box has been too unstable for the last 3 hours, I can't have 200 successful pings in a row... On VIP... 😒

    64 bytes from 10.10.10.191: icmp_seq=192 ttl=63 time=148 ms
    64 bytes from 10.10.10.191: icmp_seq=193 ttl=63 time=148 ms
    64 bytes from 10.10.10.191: icmp_seq=194 ttl=63 time=148 ms
    64 bytes from 10.10.10.191: icmp_seq=195 ttl=63 time=148 ms
    64 bytes from 10.10.10.191: icmp_seq=196 ttl=63 time=150 ms
    64 bytes from 10.10.10.191: icmp_seq=197 ttl=63 time=148 ms
    64 bytes from 10.10.10.191: icmp_seq=198 ttl=63 time=149 ms
    ^C
    --- 10.10.10.191 ping statistics ---
    230 packets transmitted, 121 received, 47.3913% packet loss, time 231831ms
    rtt min/avg/max/mdev = 147.314/149.110/191.223/4.216 ms
    [email protected]:~/Downloads#

    Edit: Finally got it...

    Hack The Box

  • edited June 1

    Hello! anyone can private message me for a hint on how to get R***** C*** E******** without using M***S*****?? thank you very much! =)

    EDITED: Finally got it manually. I think it will be easy when the machine is not so unstable. :D

    PM for a nudge if needed!
