Official Blunder Discussion

Got user & root. Have to admit i found foothold very irritating, lots of resets and very slow connection, but such is life on the free server .
The hints for this box were very useful too me, learnt about a new tool, which is cool ;).

Spoiler Removed

Rooted. Foothold was extremely annoying and I ended up having to use M********* which I really don’t like to do. If you did this manually please DM me, I’d love to know what I did wrong.

Simple Enumeration will get you user. Use what you’ve already found to your advantage.

Root: Don’t overcomplicate it like I did.

Lots of rabbit holes…

Type your comment> @UGlz said:

Rooted! Fun box, not immediate (at least, not for new people like me). Had to read carefully everything for the initial step, then some searches on new CVEs helped for the user part. The root part was the easiest one, rooted literally 30 seconds after gaining user access. Hope this is not a spoiler!
PM for nudges if you need help!

NB: I had to regenerate keys for lab access (I’m on EU Free server) because both user and root flags were at first rejected by the system (this seems an issue that others experienced, so maybe this can help other people with the same problem).

Hey. I don’t think you need to regenerate your VPN keys to make the root & user hash to work. A simple reset is enough to make it work. I also encountered this issues a bunch of times, but the same hash worked after resetting the box.

Type your comment> @gunroot said:

Type your comment> @UGlz said:

Rooted! Fun box, not immediate (at least, not for new people like me). Had to read carefully everything for the initial step, then some searches on new CVEs helped for the user part. The root part was the easiest one, rooted literally 30 seconds after gaining user access. Hope this is not a spoiler!
PM for nudges if you need help!

NB: I had to regenerate keys for lab access (I’m on EU Free server) because both user and root flags were at first rejected by the system (this seems an issue that others experienced, so maybe this can help other people with the same problem).

Hey. I don’t think you need to regenerate your VPN keys to make the root & user hash to work. A simple reset is enough to make it work. I also encountered this issues a bunch of times, but the same hash worked after resetting the box.

Yes, I thought the same, but even resetting the machine didn’t work for me (still don’t know why) so after some time I tried regenerating keys and it worked. However of course maybe resetting is enough for other people!

Rooted ! Thanks to @devglass for a nudge dealing with the initial foothold. I think like most people I went down several rabbit holes.

Rooted…

Muchas gracias a @7u1x y @algernope por todo su apoyo y paciencia.

Thank you very much to @7u1x and @algernope for all your support and patience.

Hello! I’m stuck on the initial foothold for blunder. If anyone see this and is willing to give me a little nudge please DM me! Much appreciated!

Rooted…,
I loved solving this machine

Got Root.

The foothold for this box was just kinda stupid. Maybe its just me and my general distaste for CTFy machines but after I got the initial foothold I was pretty disappointed. the “first part” is fine. However the way to get the "second part " for the initial exploit seemed more of a way to slow down the progress of rooting the box rather than trying to give an example of or teach anyone a concept. Maybe I’m being too harsh about it but It just seemed kinda uninspired on the creators part.

That all being said I actually did like this box after the foothold, user gave you a potential dead end and made you look somewhere else, which I personally like to see. Root took me 2 minutes, but its an easy box so I have no complaints. If it were not for the foothold.
this box would be great for someone who was just learning, because of the general enum concepts.

tl;dr
foothold bad, rest of box good

there are plenty of hints on the forum, but if you need additional help, send me a pm with what you tried so far and I will do my best to help.

props to @gotroot for the foothold nudge

Got Root.

My advise dont overthink too much on the root. Once you go back to basics for privsec yo u will see something odd and you kind of make it way from there.

People who have started new , good box.

Thanks to creator , learned couple of things, and thanks to @Mysther for initial foothold

Hi all, I’m currently stuck, I’ve managed to launch an MP shell, and I’ve found the file i need to find, but i can’t really do anything as far as accessing even user. Any nudges would be greatly appreciated, thanks.

Type your comment> @K0dy23 said:

Hi all, I’m currently stuck, I’ve managed to launch an MP shell, and I’ve found the file i need to find, but i can’t really do anything as far as accessing even user. Any nudges would be greatly appreciated, thanks.

I’m in the same position - got a shell, found the u***s.p** file with a very easily crackable hash - but I can’t seem to use this to bump my privs. I’m beginning to think I’m going down the wrong route…

@K0dy23 said:

Hi all, I’m currently stuck, I’ve managed to launch an MP shell, and I’ve found the file i need to find, but i can’t really do anything as far as accessing even user. Any nudges would be greatly appreciated, thanks.

@maaaks said:

I’m in the same position - got a shell, found the u***s.p** file with a very easily crackable hash - but I can’t seem to use this to bump my privs. I’m beginning to think I’m going down the wrong route…

If you have a users password, Linux allows a trivial way you can switch into that user’s context. It doesn’t always work, but it is always worth trying.

Even when it doesn’t work you will often get enough information from the OS to work out what you need to fix.

Rooted ! thanks to the help by @Sw33tp3a , @sysceen , @algernope ! I was searching difficult. Just make a break time and go again !

Rooted… For those who rooted: just curious if anyone have made any use of the *** transfer services in this box - or are these purely a rabbit hole?

Finally got it. Woot! Woot! Just like what everyone else says, getting the foothold was the biggest hurdle, but it gets easier from there…

I managed to login and now I am trying to go further but something is wrong. This is for the initial fh. Can someone give me a nudge?

Great box @egotisticalSW !

Edit to update: Rooted!

Great box, lots of fun and I learned a lot, yet again. Great basic box for beginners, such as myself. I’ll try to throw a couple of hints that are neither too vague or giving too much away:

Foothold: Typical fuzzing on web directory. If one wordlist doesnt work, try another. I had to go through a couple to find what I needed. With enough diligence, you will find a user.
User: Once you have popped shell, what files can you find? Surely there is something juicy laying out in the open. Beware for rabbit holes!
Root: Took me way too long to find the vuln to gain privesc. Super basic Linux priv esc. Combine the powers you have with a recent exploit, and you will have your path marked for you.

I hope this helps without giving too much away. Feel free to pm me if anyone needs some assistance.

Thanks @egotisticalSW for the awesome box!