Official Blunder Discussion

@wittr said:

Please don’t change the password to the foothold portal…

Stuck on root… got the user flag. I know people say “Basic Enum and google” but anyone got pointers on the “Basic enum” part (noob here)? I did some Googling off versions etc. of things I’m finding but I’m not seeing a lot. I saw @TazWake mention a CVE released late last year but having trouble coming up with anything …

When you find it, you will understand why it is nearly impossible to say anything here which won’t be a spoiler.

Concentrate on finding out what rights/privileges your user account has.

@TazWake said:

When you find it, you will understand why it is nearly impossible to say anything here which won’t be a spoiler.

Concentrate on finding out what rights/privileges your user account has.

Got it! Rooted.

I was going down that path but got an error when attempting enum, didn’t happen to google the error at the time (doh). On the plus side I learned how to upgrade a shell to fully tty during this process…
Thanks @TazWake @LewEl for nudges.

@wittr said:

On the plus side I learned how to upgrade a shell to fully tty during this process…
Nice work! All learning is good and that is a genuinely useful step in most boxes here.

Rooted…
My first box that did not have step by step instructions. Lots of learning and a couple of hints. Great experience. Thanks

I have a problem, I have the u****.*** file but this has information about F***** and a****. The password for a**** is not easily crackable and there is no clue about H***, I’m starting to think if there is maybe something wrong with the box or… I don’t know what’s going on. Can someone help me please?
Thanks!!

Finally, after many rabbit holes (well, learned a lot).

Initial was enjoyable but the most challenging. Use what is in front of you; search around for the stuff you find.

User got me tripping but after some time and going at it with a fresh mind I managed. (Your normal enumeration, look around for stuff.)

Root is basic privesc not even a minute… Again you don’t have to reinvent the wheel

Anyone willing to give me a nudge on user? I found the login page but I’m having trouble enumerating!
Thanks

@jgfreeski said:

Anyone willing to give me a nudge on user? I found the login page but I’m having trouble enumerating!
Thanks

Search for some common extensions and use a custom wordlist for pwd.

Cannot figure out how to bruteforce this password - I know I have correct user, any help would be much appreciated

EDIT: Rooted!
Thanks so much to @haCKNg for the nudge for initial foothold - by far the hardest part of this box

Hello, I need help on Blunder VM, could anyone PM me and give me a hint?

PM for hints! Will be willing to help!

Oh wow, if you are stuck at root, make sure your shell is doing what you expect!
I was chasing rabbits for a looong time.

The Python Pty thing did the trick for me!

I have user but stuck on root. Sudo is throwing some odd tty error. Any tips?

@notdeltron64 said:

I have user but stuck on root. Sudo is throwing some odd tty error. Any tips?

The answer is literally above you :smiley:

@Lu5i4 said:

I have a problem, I have the u****.*** file but this has information about F***** and a****. The password for a**** is not easily crackable and there is no clue about H***, I’m starting to think if there is maybe something wrong with the box or… I don’t know what’s going on. Can someone help me please?
Thanks!!

I am in the same boat. Cannot crack the hash found in us***.P**

Stuck after getting logged into the admin page, any pushes on what I should do next?
Update: shell started.

Finally got root!

Thanks to MrClark for the nudge on getting user.

SMH on root! I went down so many rabbit holes before finally finding the easy solution. Good box, I learned some new tools and won’t soon forget this privesc technique.

Hi
I was able to get root on this box but had to use m********* in order to gain an initial shell. I want to try again, but this time manually performing the steps needed. I searched around and saw some explanation, but it was a bit hard to follow.

If anyone could push me towards a better explanation on the initial shell I would be grateful!

Rooted. Thanks @TazWake for a nudge along the way. PM for nudges.