Official Blunder Discussion

Spoiler Removed

Found the user name through a file, use cl+b*p to try to enumerate the password, but did not find the password.need helps, please PM me, thanks!

root it!

Spoiler Removed

Beside the initial frustration of finding the password it was a nice machine to learn how to create a simple brute-force script. First I screwed up that password by transforming it to lowc*e. If you are that kind of people who likes the ‘hard way’ take care of the POST parameters and just forget to send the Headers in your POST. After that my bruteforce script was worked like a charm.

If you want to manually exploit the C*S and found the article which describes the vulnerability, one reminder; take care of every parameters and do exactly what the POC does. I’ve lost a lot of time trying to place something in a wrong directory…

For user if you haven’t found anything, just reread the posts in this forum.

Root is < 1 minute if you have some kind of routine. If not, check what you could do in “godmode”.

Finally i was able to root it. I really enjoy the box, it took me sometime to modify the python code to make it work. But just wondering if there is another way to get f****s password without using a bruteforce?

I guess you might think about using it just out of habit if you pay attention when looking around the webpage, but that’s not where my mind went at all so I ended up wasting almost an entire day :smiley:

Finally rooted…foothold was slow, took some digging and reading! to see the obvious. Getting user was a pain, not helped by me flying down a bunny tube for few hours, only to realize I was making a silly mistake.

After that root was sorted by a bit of googlating and 5 mins later done.

@bobthebadger said:
Finally rooted…foothold was slow, took some digging and reading! to see the obvious. Getting user was a pain, not helped by me flying down a bunny tube for few hours, only to realize I was making a silly mistake.

bunny tube! haha
thank you for that

Finally Rooted. Very funny machine…

HINTS

  • Create a personalized wordlist with the information you get
  • Automated tools can help you, but be careful
  • A recent CVE can help you

PM me if you need any nudge, I like to help :smile:

Type your comment> @LordOfAgap said:

Finally i was able to root it. I really enjoy the box, it took me sometime to modify the python code to make it work. But just wondering if there is another way to get f****s password without using a bruteforce?

Hey. I didn’t write any script to brute Force pass. But I found it by just trying all the names in that custom wordlist manually (I thought I got the pass in 5-10th attempt). Lol I had luck.

I’m trying to exploit the foothold vuln. manually. May be some kind of WAF? Any hint?

EDIT: Rooted! If someone used the brute-force approach please write me in PM :slight_smile:

@0xBro said:

I’m trying to exploit the foothold vuln. manually. May be some kind of WAF? Any hint?

Google is your friend here. Search for the name of the thing you are trying to attack and ways to bypass its restrictions.

Type your comment> @retrymp3 said:

This exploit may require manual cleanup of ‘.*****’ on the target " - I am pretty sure that this wasn’t intended. I can’t advance further with this maybe reseting the box will help. Cause we dont have permissions to write on any files from foothold

Edit :leave t***** *** as default. For this to work?

Rooted. Great box. Props to @egotisticalSW.
Foothold, some zz and some cool ness.
No hints needed for user and root

Rooted.
As some wrote, many rabbit holes for the user.
Root very easy.
PD: Gracias Torre Oscura!

Rooted
Not going to say much since there is a ton of hints already in the forums.
PM me if you need a nudge

thanks for the box it was great if anyone needs nudges or help for doing the manual exploit (without msf) send me a pm

I have credentials for H**o and a meterpreter session as www, but it wont let be run su H&&o as the command isnt recognised. Anyone know how to change users in meterpreter or indeed a nudge or what to do with H&&o credentials?

@BugsBunny said:

I have credentials for Ho and a meterpreter session as www, but it wont let be run su Ho as the command isnt recognised. Anyone know how to change users in meterpreter or indeed a nudge or what to do with H**0 credentials?

Improve your shell.

Hello I need help, I have the username and password F ***, but I got stuck there; i got the cve but i need a push