Official Blunder Discussion

SMH on root! I went down so many rabbit holes before finally finding the easy solution. Good box, I learned some new tools and won’t soon forget this privesc technique.

Hi
I was able to get root on this box but had to use m********* in order to gain an initial shell. I want to try again, but this time manually performing the steps needed. I searched around and saw some explanation, but it was a bit hard to follow.

If anyone could push me towards a better explanation on the initial shell I would be grateful!

rooted. Thanks @TazWake for a nudge along the way. PM for nudges.

Spoiler Removed

Finally rooted! Thank you @UGlz , @algernope, and @kalitkd for the tips! Biggest hint I can give is to just learn about different shells

The initial foothold is driving me crazy.

I found a username in a t***.*** file, and created a cool password list.
But unfortunately I don’t get a working login.

Can anyone send me a nudge via PN?


Thank you for the nudge :slight_smile:

I’m stuck at the wordlist i should use to brute force
Any hints guys?

Type your comment> @n0Idea said:

I’m stuck at the wordlist i should use to brute force
Any hints guys?

There is a tool available to generate wordlist from a website automatically.
Brute Force needed with that list, but if you have luck you can find the pass with trial & error. Just names are important as creds.

Type your comment> @gunroot said:

There is a tool available to generate wordlist from a website automatically.
Brute Force needed with that list, but if you have luck you can find the pass with trial & error. Just names are important as creds.

Yes. i already founded the username, now i did found the password
Thanks :smiley:

Drop a message for any nudges.

Got root! Initial foothold was the hardest part, after that everything was a breeze. PM for nudges.

One tip, when modding python scripts to read lines from file, don’t forget to strip the last character, \n. A lot of time wasted for that stupid thing, had to see it at wireshark.

I stopped hacking for a while and came back and did this box. The first part really bugged me and I ended up using a traditional tool and replaced it with a basic tool.

For user I had to dig some more but I found something older and a website helped me find more out about it.

Root I had to google what the ■■■■ the last line meant. When I discovered the website detailing a little more about that line, well, the rest is history.

I had to stay up all night anyway for work things, and this was a decent headache to get back on track for OSCP. Im glad I stuck this box out and finished it. Thanks for it.

@n0Idea said:

I’m stuck at the wordlist i should use to brute force
Any hints guys?

Create your own wordlist. Kali/Parrot should come with a built-in tool to do this, created by the incredibly talented Robin Wood.

@cpc6128 said:

The initial foothold is driving me crazy.

I found a username in a t***.*** file, and created a cool password list.
But unfortunately I don’t get a working login.

Can anyone send me a nudge via PN?

Google the application you are attacking and see if has any built in protection against what you are doing. Then there might be some guidance or POC code which lets you do what you are trying to do.

Hi guys,
I’m loosing my mind, I’m in with a limited shell, I can’t found any helpful (some hes imposible to decrypt, a mss from s*n with a weird method). Please, Could anyone send me a nudge??

@TazWake
Thank you. I’ve already found the script and have got a basic shell.

Rooted, Thank @MrClark I had loosing my patience, thanks to you I kept digging. Good box!

Rooted, @egotisticalSW Box was nice , just got irritated at initial foothold. But liked the priv esc part, though I initially got lost in all suid part. It was easier if I would have been on right track since start. But loved it. Good box!!

Type your comment> @Chuspi1k said:

Hi guys,
I’m loosing my mind, I’m in with a limited shell, I can’t found any helpful (some hes imposible to decrypt, a mss from s*n with a weird method). Please, Could anyone send me a nudge??

I’m stuck here too . Would be great if anyone could send me a nudge too! Thanks :smile: