Official Blunder Discussion

Since this is the “official” Blunder forum, I’ll post that I’m available for nudges here, too.

Let me know where you are and what you’ve tried

This box is all about proper enumeration. Initial foothold all the way to root. It is an easy box. Most people struggle on the foothold, use the appropriate tools and you will find everything you need. The rest is some googling and following the bread crumbs.

PM for nudges, but please try on your own.

Thought it was a good box that took much longer because it was the first day and several people were crushing it with scans but fun as always!

Mentioned in the other thread but will mention here too that I completed this box and you can PM for nudges.

Rooted!!

Foothold: go*****r was my friend. I would recommend looking for common extensions. There is a way around the lockout, just learn how to b****s it. To find the password you need to be cool and look in front of you.

User: Enumeration is key as files often contain juicy nuggets.

Root: You can run a common enumeration script for this but first check for what p*******s and permissions you have. Do these things have a way to circumvent them?

PM for a nudge.

Surprisingly good, when the box wasn’t being crushed by all the scans.

Both foothold and root are very much ‘you see it or you don’t’. If you see it immediately, it may seem trivial. If you don’t, like I did, you’re probably going to have to grind a bit needlessly. If that happens, you should probably take a break and come back to it with fresh eyes.

Foothold: use a light touch.
User: enumerate.
Root: stop trying so hard and think.

Thanks to @egotisticalSW for this machine. Don’t know why, but overthinking easy machines always makes them feel more difficult.

Initial Foothold

  • Basic web enumeration

User

  • Looks like they have a newer one. What can I find there?

Root

  • Hashtag pwn!

If this is a spoiler remove it

Cool box, teaches you some key fundamentals. Brute forcing isn’t necessary, look for suspicious things. Keep enumerating once you’re in, I had to use a different resource than normal to get to user. Google will help with root too if you’re not familiar.

Someone saved screenshots in one of the directories that show the root flag. It wasn’t there the last time I worked on this box. Seems like the creator of the box did it. Accessible by browser, but I am still confused as to why it shows up just now.

Rooted - took me 3 hours, wish I had done this yesterday! Feel free to message me if you need a nudge. Only hint I can think of right now is that almost every answer is right in front of you.

Finally got a foothold after missing some crucial info.
Trying to move to user and wondering how to go about it. Used the ms module for a shell. Found the newer version and wondering if I need to crack the info in the d********/u****.p** for H*** user or if this is the wrong way to go. I’ve tried rocking it but have had no luck. Wondering if this version uses sha1 as well.

Any nudges would be greatly appreciated.

EDIT: Wow. Not in any wordlists. Thanks @TheT3rminat0r

Rooted - message me if you need a small hint or nudge. Glad to help anyone, especially those having a hard time getting a foothold.

I tried making my own list of things and using them to get a foothold with a bunch of different tools. Many, many hours wasted.

Ultimately, half of the answer was in front of my eyes the whole time. Don’t overlook it. Literally.

The other half was a little fuzzy.

Once you have user, don’t get discouraged by what you can’t do; try to upgrade your session. Also, don’t trust automated tools to find juicy things for you. Try enumerating on your own. Nothing fancy or complicated, look simple. Maybe just remember to redirect your errors to /dev/null so it’s easier to parse, so you’re not having to scroll through a bunch of permission denied errors.

This is my first forum post, please let me know if anything needs to be redacted. Tried to write it to be vague enough, but to also keep the spirits up of others who hit the same barriers as myself.

Rooted. Nice Easy Machine
Foothold: Fuzzing should help you with the username. Fuzz with multiple common extensions. Then you can create your own script to brute force the password. Remember the wordlist is right in front of you.

User: Basic manual enumeration. New is better.

Root: Easiest of ’em all. Don’t think too much. Look for common Linux privilege escalation attack vectors and try them all. There was a recent CVE for a common binary in Linux. Hope this is not too much. DM for a nudge.

Finally rooted this box. I am very new to this so a huge thanks to @Ja4V8s28Ck @zer0bubble for the subtle and not so subtle nudges to get me going in the right direction.

There are a lot of red herrings in this box. Try not to get stuck on something for too long. It’s probably not the right way…

No list or automated tool is mandatory or required for one half of the foothold.

Simple attention to detail and half of the foothold is right in front of you, ready to use.

Granted, it took me hours to realize this.

Edit: Thank you to the kind users who provided gentle nudges without spoiling the experience.

Spent hours trying to get username/password.

Thanks a lot to @algernope for a hint on a password. It really was in front of my eyes all the time.

After getting to log into b****r, it took me 5 minutes to user and another 5 to root. Looks like I could be better at enumeration.

Rooted this one.
Initial foothold guess part should have some stepping stones along the way. (Names are powerful)
User part is easy. (People always love newer things)
Root part is in 5 seconds. (Normal checkup for privesc).

Thanks @blackmonster7 for the nudge on the decrypting part.

If anyone did the initial shell with manual exploitation, please ping me.

Cool, this is how it’s supposed to be.

Just rooted the box.
Easy box. Thanks to @egotisticalSW for creating such a cool and nice box.

If anyone needs a hint, message me.

DM for tips