Official Blunder Discussion

@SecretLifeform said:

I’ve read through this whole thread, still can’t figure out what I’m doing wrong.
I made sure my source IP address is correct, using the target URI from the documentation, am using the p**/m**********/r********p payload and am getting this response:

Exploit aborted due to failure: unknown: No tokenCSRF found.

Can someone point me in the right direction?

The problem is as it is, if you take a 5 minute look at the login page you’ll see the issue. For whatever reason or not MS isn’t either providing it or you just missed out on it. I mean you can always just do it manually :smile:

Rooted. ngl the enum was literally just one cmd, but must have dropped requests when I did it originally and went down a rabbit hole. Don’t miss anything. You do not need to ‘bruteforce’ anything if you can read.

User: 1 v 1 + the rest of the hints in this thread, just make sure it’s the right one
Root: 5 seconds with the rest of the hints in this thread

The more I read that foothold is right in front of the face the more I want to scream :smiley: . If anyone would pm me with a nudge it would be greatly appreciated. Been banging my head on this for hours. Thanks in advance.

Can anyone help me get user? I have a hash from u***s.php but I have been unable to crack it. I have used the salt with it to no avail.

My current issue is that I get this message in msf and it doesn’t create a session
[*] Started reverse TCP handler on CENSORED
[+] Logged in as: f***** (I censored this as well)
[*] Retrieving UUID…
[*] Uploading xCwhiPoQRB.png…
[*] Uploading .htaccess…
[*] Executing xCwhiPoQRB.png…
[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[*] Exploit completed, but no session was created.
Am I using the wrong payload or is it an issue I haven’t thought of yet?

Finally rooted. Indeed root was very easy, but initial foothold was really annoying.
Thanks to the creator, it was quite a fun box.

@s0b3k said:

My current issue is that I get this message in msf and it doesn’t create a session
[*] Started reverse TCP handler on CENSORED
[+] Logged in as: f***** (I censored this as well)
[*] Retrieving UUID…
[*] Uploading xCwhiPoQRB.png…
[*] Uploading .htaccess…
[*] Executing xCwhiPoQRB.png…
[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[*] Exploit completed, but no session was created.
Am I using the wrong payload or is it an issue I haven’t thought of yet?

Exactly the same problem. I tried all payloads, but nothing helped.

Hi All,

This is my very first machine that I am attempting to crack, so please don’t mind the layman language. Also, this is the very first time I am posting for help, so apologies in advance if I break any rules while asking for help.

I’m trying to find the password of the user f***** using brute force, using the script at (Spoiler removed), however, I am being thrown the following error -

(removed)

Is there an issue with the script, or is it the internet? If it’s the former, can someone point me in an alternate direction?

Thanks much in advance for the help!

Is the box stuck? I’ve been doing “su” but it wouldn’t respond. Although I’ve already reset the box.

@herapen09 said:

Is the box stuck? I’ve been doing “su” but it wouldn’t respond. Although I’ve already reset the box.

If you’ve reset the box, it probably isn’t the problem.

When you try su does it simply do nothing or do you get an error message?

If it doesn’t do anything, your shell might be broken.

@KiloLima56 said:

Hi All,

This is my very first machine that I am attempting to crack, so please don’t mind the layman language. Also, this is the very first time I am posting for help, so apologies in advance if I break any rules while asking for help.

So the information provided was probably too verbose here.

However, at a very basic level, you need to make sure you have a wordlist, a user name and a host etc.

Then check you haven’t inadvertently changed some of the exploit code.

@TazWake said:

@herapen09 said:

Is the box stuck? I’ve been doing “su” but it wouldn’t respond. Although I’ve already reset the box.

If you’ve reset the box, it probably isn’t the problem.

When you try su does it simply do nothing or do you get an error message?

If it doesn’t do anything, your shell might be broken.

I’ve already reset the box and it wouldn’t work either. And I’ve already switched from EU to US and the same thing…the box didn’t respond. And I’ve got no error message. I’ve used the “new” one for exploiting this box.

@herapen09 said:

I’ve already reset the box and it wouldn’t work either. And I’ve already switched from EU to US and the same thing…the box didn’t respond. And I’ve got no error message. I’ve used the “new” one for exploiting this box.

If you aren’t getting an error message then something else might be wrong. Are you confident you have a shell which it works in?

Try with an incorrect user name and see if it says anything different.

Having no response and not having it switch users is very unusual.

@TazWake said:

@KiloLima56 said:

Hi All,

This is my very first machine that I am attempting to crack, so please don’t mind the layman language. Also, this is the very first time I am posting for help, so apologies in advance if I break any rules while asking for help.

So the information provided was probably too verbose here.

However, at a very basic level, you need to make sure you have a wordlist, a user name and a host etc.

Then check you haven’t inadvertently changed some of the exploit code.

Thanks, and noted for future.

I double checked it, and haven’t changed the exploit code. Not too sure what’s going wrong! :frowning:

@Bobba26 said:

@s0b3k said:

My current issue is that I get this message in msf and it doesn’t create a session
[*] Started reverse TCP handler on CENSORED
[+] Logged in as: f***** (I censored this as well)
[*] Retrieving UUID…
[*] Uploading xCwhiPoQRB.png…
[*] Uploading .htaccess…
[*] Executing xCwhiPoQRB.png…
[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[*] Exploit completed, but no session was created.
Am I using the wrong payload or is it an issue I haven’t thought of yet?

Exactly the same problem. I tried all payloads, but nothing helped.

I saw a comment somewhere saying to set tun0. But that didn’t help mine.

@KiloLima56 said:

Thanks, and noted for future.

I double checked it, and haven’t changed the exploit code. Not too sure what’s going wrong! :frowning:

Drop me a PM if you want to be a bit more specific.

Rooted. Fun Box, I enjoyed it! PM if you need nudges.

For the login page, what is the most common name for the home page of a management utility. That name should be your success string when trying to get in.

Rooted! Some hints:

  • Foothold: how do you say you’ve not to bruteforce? You have to! But you have to craft your wordlist. Unless you’re a genius at guessing :wink:
  • User: what is the first step you do when you get a shell exploiting a PHP application?
  • Root: easy to say, but not so easy to guess. Pay attention to the only result linpeas would give you. The exploit is one single command. If you’re uploading something to do root privesc, you’re on the wrong path :wink:

@TazWake said:

@KiloLima56 said:

Thanks, and noted for future.

I double checked it, and haven’t changed the exploit code. Not too sure what’s going wrong! :frowning:

Drop me a PM if you want to be a bit more specific.

Seemed to have started working after a couple of tries! :slight_smile: Thanks anyways for the help!