Official Blunder Discussion

I have credentials for H**o and a meterpreter session as www, but it wont let be run su H&&o as the command isnt recognised. Anyone know how to change users in meterpreter or indeed a nudge or what to do with H&&o credentials?

@BugsBunny said:

I have credentials for Ho and a meterpreter session as www, but it wont let be run su Ho as the command isnt recognised. Anyone know how to change users in meterpreter or indeed a nudge or what to do with H**0 credentials?

Improve your shell.

Hello I need help, I have the username and password F ***, but I got stuck there; i got the cve but i need a push

Type your comment> @jesus62175 said:

Hello I need help, I have the username and password F ***, but I got stuck there; i got the cve but i need a push

There is a POC for that CVE. Google will give you if you ask correctly ?.
There is also a dedicated module written for most favorite exploitation software.

Type your comment> @gunroot said:

Type your comment> @jesus62175 said:

Hello I need help, I have the username and password F ***, but I got stuck there; i got the cve but i need a push

There is a POC for that CVE. Google will give you if you ask correctly ?.
There is also a dedicated module written for most favorite exploitation software.

but I get an error require manual cleanup of ‘.h*****’ on the target

Soooo many rabbit holes after Initial Foothold for User, I feel so dumb I strayed so far from home… lol.

Root was simple enough once u do like everyone says “back to basics”.

Rooted.
All the necessary hints have already been given here, so I won’t be adding any.
Just don’t overthink too much on the foothold, once you get the foothold, user and root is just minutes away! All the best!
Thank you @egotisticalSW for this fun box!

Rooted!! Fun box, easy but not immediate. Thank you @Zaitchev for nudges. You’ll think “I’m a fool” when you root it.
There’s my hint:

FOOTHOLD: the conventional standard ways are not the right way. Use your hands :wink: The CVEs are you’re friends.
USER: just enum everything. EVERYTHING!
ROOT: the basics of privesc. Google ALL, !

PM for hints :wink:

Type your comment> @jesus62175 said:

Type your comment> @gunroot said:

Type your comment> @jesus62175 said:

Hello I need help, I have the username and password F ***, but I got stuck there; i got the cve but i need a push

There is a POC for that CVE. Google will give you if you ask correctly ?.
There is also a dedicated module written for most favorite exploitation software.

but I get an error require manual cleanup of ‘.h*****’ on the target

I never got that particular error (I got a different one) but you might want to double check that you have the module set up properly. I suppose reading the module’s source code is enough but this thread had a hint earlier about intercepting the request with burp and making sure that it’s doing what you think it’s doing and that made my error really obvious.

Awesome box ! All the nudges given in this forum are sufficient to get you through.
If stuck, message me for nudges.
ROOTED!

can anyone help me…
my msf exploit is not working :tired_face:
i have tried everything
i even tried to manually do it but got no luck
can someone please help me

I think i got the right user for initial foothold from t***.t** file and tried brute forcing with a python script. But I don’t think i have the right wordlist for the password. Help would be much appreciated!

Nice machine… Thanx @egotisticalSW.

@de4dgh0st said:

can anyone help me…
my msf exploit is not working :tired_face:
i have tried everything

There is a good chance you haven’t tried everything.

i even tried to manually do it but got no luck

If it helps, I struggled with manual exploitation to the point at which I gave up.

can someone please help me

Check all your settings and payload.

Fun machine, thank you @egotisticalSW :slight_smile:

Got stuck long time on the foothold.
Once I found the user I got something Cewl going on :smiley: and snaked it up

Type your comment> @TazWake said:

@de4dgh0st said:

can anyone help me…
my msf exploit is not working :tired_face:
i have tried everything

There is a good chance you haven’t tried everything.

i even tried to manually do it but got no luck

If it helps, I struggled with manual exploitation to the point at which I gave up.

can someone please help me

Check all your settings and payload.

yeah i got it…
thxx

@de4dgh0st said:

yeah i got it…
thxx

Awesome!

Type your comment> @mukilan1600 said:

I think i got the right user for initial foothold from t*.t file and tried brute forcing with a python script. But I don’t think i have the right wordlist for the password. Help would be much appreciated!

Make a CraWL.

Rooted! Fun box, not immediate (at least, not for new people like me). Had to read carefully everything for the initial step, then some searches on new CVEs helped for the user part. The root part was the easiest one, rooted literally 30 seconds after gaining user access. Hope this is not a spoiler!
PM for nudges if you need help!

NB: I had to regenerate keys for lab access (I’m on EU Free server) because both user and root flags were at first rejected by the system (this seems an issue that others experienced, so maybe this can help other people with the same problem).

Got user & root. Have to admit i found foothold very irritating, lots of resets and very slow connection, but such is life on the free server .
The hints for this box were very useful too me, learnt about a new tool, which is cool ;).