Official Blunder Discussion

Slightly deceitful “easy” box… because it has a few red herrings. Indeed, root is “easy” if you have heard of a specific kind of vulnerability, but if you haven’t…

Rooted!

  • Learn a nice new way to privesc :wink:
  • Struggle for foothold like a lot of people apparently
  • Rest is rather straightforward

Thanks @user0n3 for the nudge on foothold

Do not hesitate to PM if you need any help, happy to help :wink:

Rooted!

Foothold: Go****** is a better option here. Take a look at possible file types on the website. The next part requires the exact tool you have in mind, but you have to create your own list

User: Google search will help you here. Newer the better

Root: Go back to the basics of privesc.

PM if you need a Nudge

I think that this box has an OSCP-like feeling, with a lot of rabbit holes.
Learned a thing on the privesc part, so I’m happy with this box.

Don’t hesitate to PM me for hints.

Rooted.
Definitely overthought a few things along the way, fun box.

would appreciate a nudge for user. got a shell, but i must be doing something wrong and can’t escalate to our user :T

@0x41 said:

would appreciate a nudge for user. got a shell, but i must be doing something wrong and can’t escalate to our user :T

enumerate more. a piece of information you already have has some things. are all the things completed?

pm me if you need another nudge.

I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?

@Kainn said:

I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?

I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file is not critical for this host.

@TheT3rminat0r said:

@Kainn said:

I enumerated some of this machine yesterday and found a r*******.php file that doesn’t appear to be here today. is this expected? Was finding that file yesterday a fluke?

I am assuming someone exploited the box and uploaded a file there and you saw it. I will say that file is not critical for this host.

That’s what I was leaning towards. Back to fuzzing. Thank you

Rooted, went down a massive rabbit hole trying to get the user. As soon as I got user, root was seconds away.

Pfffft, not sure if I like this box or hate it. Went through all possible rabbit holes imaginable. LOL
Many thanks to the creator(s)!

Rooted, Fun box! Congrats @egotisticalSW !

Just rooted this box, it was really fun @egotisticalSW! Need help, just DM.

This is a fun box - awesome work by @egotisticalSW

Fun box! Will give nudges if you PM.

Thank you for this funny box @egotisticalSW! Unlike others, the start was easier for me! Like what…

@TazWake Sorry for the previous thread, I didn’t know that now there will be an “official” thread :wink:

And thanks to @poker1 for his help on the last part. Sometimes we look too complicated…

@choupit0 said:

@TazWake Sorry for the previous thread, I didn’t know that now there will be an “official” thread :wink:

It’s ok - I don’t think anyone knew. I certainly didn’t.

Anyone able to take a few quick PMs? Just trying to get something to work that should… but is not… Just need a nudge on some syntax for foothold.

@AwkwardUnicorn said:

Anyone able to take a few quick PMs? Just trying to get something to work that should… but is not… Just need a nudge on some syntax for foothold.

I will help if I can.