Official Blunder Discussion

Awesome box ! All the nudges given in this forum are sufficient to get you through.
If stuck, message me for nudges.
ROOTED!

can anyone help meā€¦
my msf exploit is not working :tired_face:
i have tried everything
i even tried to manually do it but got no luck
can someone please help me

I think i got the right user for initial foothold from t***.t** file and tried brute forcing with a python script. But I donā€™t think i have the right wordlist for the password. Help would be much appreciated!

Nice machineā€¦ Thanx @egotisticalSW.

@de4dgh0st said:

can anyone help meā€¦
my msf exploit is not working :tired_face:
i have tried everything

There is a good chance you havenā€™t tried everything.

i even tried to manually do it but got no luck

If it helps, I struggled with manual exploitation to the point at which I gave up.

can someone please help me

Check all your settings and payload.

Fun machine, thank you @egotisticalSW :slight_smile:

Got stuck long time on the foothold.
Once I found the user I got something Cewl going on :smiley: and snaked it up

Type your comment> @TazWake said:

@de4dgh0st said:

can anyone help meā€¦
my msf exploit is not working :tired_face:
i have tried everything

There is a good chance you havenā€™t tried everything.

i even tried to manually do it but got no luck

If it helps, I struggled with manual exploitation to the point at which I gave up.

can someone please help me

Check all your settings and payload.

yeah i got itā€¦
thxx

@de4dgh0st said:

yeah i got itā€¦
thxx

Awesome!

Type your comment> @mukilan1600 said:

I think i got the right user for initial foothold from t*.t file and tried brute forcing with a python script. But I donā€™t think i have the right wordlist for the password. Help would be much appreciated!

Make a CraWL.

Rooted! Fun box, not immediate (at least, not for new people like me). Had to read carefully everything for the initial step, then some searches on new CVEs helped for the user part. The root part was the easiest one, rooted literally 30 seconds after gaining user access. Hope this is not a spoiler!
PM for nudges if you need help!

NB: I had to regenerate keys for lab access (Iā€™m on EU Free server) because both user and root flags were at first rejected by the system (this seems an issue that others experienced, so maybe this can help other people with the same problem).

Got user & root. Have to admit i found foothold very irritating, lots of resets and very slow connection, but such is life on the free server .
The hints for this box were very useful too me, learnt about a new tool, which is cool ;).

Spoiler Removed

Rooted. Foothold was extremely annoying and I ended up having to use M********* which I really donā€™t like to do. If you did this manually please DM me, Iā€™d love to know what I did wrong.

Simple Enumeration will get you user. Use what youā€™ve already found to your advantage.

Root: Donā€™t overcomplicate it like I did.

Lots of rabbit holesā€¦

Type your comment> @UGlz said:

Rooted! Fun box, not immediate (at least, not for new people like me). Had to read carefully everything for the initial step, then some searches on new CVEs helped for the user part. The root part was the easiest one, rooted literally 30 seconds after gaining user access. Hope this is not a spoiler!
PM for nudges if you need help!

NB: I had to regenerate keys for lab access (Iā€™m on EU Free server) because both user and root flags were at first rejected by the system (this seems an issue that others experienced, so maybe this can help other people with the same problem).

Hey. I donā€™t think you need to regenerate your VPN keys to make the root & user hash to work. A simple reset is enough to make it work. I also encountered this issues a bunch of times, but the same hash worked after resetting the box.

Type your comment> @gunroot said:

Type your comment> @UGlz said:

Rooted! Fun box, not immediate (at least, not for new people like me). Had to read carefully everything for the initial step, then some searches on new CVEs helped for the user part. The root part was the easiest one, rooted literally 30 seconds after gaining user access. Hope this is not a spoiler!
PM for nudges if you need help!

NB: I had to regenerate keys for lab access (Iā€™m on EU Free server) because both user and root flags were at first rejected by the system (this seems an issue that others experienced, so maybe this can help other people with the same problem).

Hey. I donā€™t think you need to regenerate your VPN keys to make the root & user hash to work. A simple reset is enough to make it work. I also encountered this issues a bunch of times, but the same hash worked after resetting the box.

Yes, I thought the same, but even resetting the machine didnā€™t work for me (still donā€™t know why) so after some time I tried regenerating keys and it worked. However of course maybe resetting is enough for other people!

Rooted ! Thanks to @devglass for a nudge dealing with the initial foothold. I think like most people I went down several rabbit holes.

Rootedā€¦

Muchas gracias a @7u1x y @algernope por todo su apoyo y paciencia.

Thank you very much to @7u1x and @algernope for all your support and patience.

Hello! Iā€™m stuck on the initial foothold for blunder. If anyone see this and is willing to give me a little nudge please DM me! Much appreciated!

Rootedā€¦,
I loved solving this machine

Got Root.

The foothold for this box was just kinda stupid. Maybe its just me and my general distaste for CTFy machines but after I got the initial foothold I was pretty disappointed. the ā€œfirst partā€ is fine. However the way to get the "second part " for the initial exploit seemed more of a way to slow down the progress of rooting the box rather than trying to give an example of or teach anyone a concept. Maybe Iā€™m being too harsh about it but It just seemed kinda uninspired on the creators part.

That all being said I actually did like this box after the foothold, user gave you a potential dead end and made you look somewhere else, which I personally like to see. Root took me 2 minutes, but its an easy box so I have no complaints. If it were not for the foothold.
this box would be great for someone who was just learning, because of the general enum concepts.

tl;dr
foothold bad, rest of box good

there are plenty of hints on the forum, but if you need additional help, send me a pm with what you tried so far and I will do my best to help.

props to @gotroot for the foothold nudge