Official Blunder Discussion

Is the box stuck? I’ve been doing “su” but it wouldn’t respond. Although I’ve already reset the box.

@herapen09 said:

Is the box stuck? I’ve been doing “su” but it wouldn’t respond. Although I’ve already reset the box.

If you’ve reset the box, it probably isn’t the problem.

When you try su does it simply do nothing or do you get an error message?

If it doesn’t do anything, your shell might be broken.

@KiloLima56 said:

Hi All,

This is my very first machine that I am attempting to crack, so please don’t mind the layman language. Also, this is the very first time I am posting for help, so apologies in advance if I break any rules while asking for help.

So the information provided was probably too verbose here.

However, at a very basic level, you need to make sure you have a wordlist, a user name and a host etc.

Then check you haven’t inadvertently changed some of the exploit code.

@TazWake said:

@herapen09 said:

Is the box stuck? I’ve been doing “su” but it wouldn’t respond. Although I’ve already reset the box.

If you’ve reset the box, it probably isn’t the problem.

When you try su does it simply do nothing or do you get an error message?

If it doesn’t do anything, your shell might be broken.

I’ve already reset the box and it wouldn’t work either. I also already switched from EU to US and got the same thing…the box didn’t respond. And I’ve got no error message. I’ve used the “new” one for exploiting this box.

@herapen09 said:

I’ve already reset the box and it wouldn’t work either. I also already switched from EU to US and got the same thing…the box didn’t respond. And I’ve got no error message. I’ve used the “new” one for exploiting this box.

If you aren’t getting an error message then something else might be wrong. Are you confident you have a shell which it works in?

Try with an incorrect user name and see if it says anything different.

Having no response and not having it switch users is very unusual.

@TazWake said:

@KiloLima56 said:

Hi All,

This is my very first machine that I am attempting to crack, so please don’t mind the layman language. Also, this is the very first time I am posting for help, so apologies in advance if I break any rules while asking for help.

So the information provided was probably too verbose here.

However, at a very basic level, you need to make sure you have a wordlist, a user name and a host etc.

Then check you haven’t inadvertently changed some of the exploit code.

Thanks, and noted for future.

I double checked it, and haven’t changed the exploit code. Not too sure what’s going wrong! :frowning:

@Bobba26 said:

@s0b3k said:

My current issue is that I get this message in msf and it doesn’t create a session
[*] Started reverse TCP handler on CENSORED
[+] Logged in as: f***** (I censored this as well)
[*] Retrieving UUID…
[*] Uploading xCwhiPoQRB.png…
[*] Uploading .htaccess…
[*] Executing xCwhiPoQRB.png…
[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[*] Exploit completed, but no session was created.
Am I using the wrong payload or is it an issue I haven’t thought of yet?

Exactly the same problem. I tried all payloads, but nothing helped

I saw a comment somewhere saying to set tun0. But that didn’t help mine.

@KiloLima56 said:

Thanks, and noted for future.

I double checked it, and haven’t changed the exploit code. Not too sure what’s going wrong! :frowning:

Drop me a PM if you want to be a bit more specific.

Rooted. Fun Box, I enjoyed it! PM if you need nudges.

For the login page, what is the most common name for the home page of a management utility. That name should be your success string when trying to get in.

Rooted! Some hints:

  • Foothold: how do you say you’ve not to bruteforce? You have to! But you have to craft your wordlist. Unless you’re a genius of guessing :wink:
  • User: what is the first step you do when you get a shell exploiting a php application?
  • Root: easy to say, but not so easy to guess. Pay attention to the only result linpeas would give you. The exploit is one single command. If you’re uploading something to do root privesc, you’re on the wrong path :wink:

@TazWake said:

@KiloLima56 said:

Thanks, and noted for future.

I double checked it, and haven’t changed the exploit code. Not too sure what’s going wrong! :frowning:

Drop me a PM if you want to be a bit more specific.

Seemed to have started working after a couple of tries! :slight_smile: Thanks anyways for the help!

I am unable to crack the hash that I obtained from the u****.php. I have used several online services as well as hashcat and it’s turning into a time suck. Any tips would be greatly appreciated.

@gunroot said:

@thewetbandit said:

I’ve found a hash for h***. I can’t seem to crack it with john or hashcat. They just finish immediately. Should I be using a non standard wordlist?

Hey. I assume that you got the hash from the appropriate version of bludit from the initial shell.

Once you’ve got the hash, I suggest you analyze the type of hashing used with the below link.
Hash Analyzer - TunnelsUP

Then use John or Hashcat to perform cracking based on the hash format you got from the above link.
John/Hashcat will crack it against rockyou.txt.
You can get the rockyou.txt file here: https://github.com/finnfassnacht/rockyou.txt

If that doesn’t work out, then you can use the below link to crack the hash without mentioning the hash format.
(**Note this link will work only for very commonly used passwords.)
http://www.hashes.com

Hope this will help you out.
:wink: Good luck.

I’ve already cracked it with john and it seems I didn’t get the right password. I’m still investigating what’s wrong with the format.

@ak9999 said:

I am unable to crack the hash that I obtained from the u****.php. I have used several online services as well as hashcat and it’s turning into a time suck. Any tips would be greatly appreciated.

Are you 100% sure you have a hash that is crackable? For example, are you able to match it to an account on the system you want to use it against?

@herapen09 said:

@gunroot said:

@thewetbandit said:

I’ve found a hash for h***. I can’t seem to crack it with john or hashcat. They just finish immediately. Should I be using a non standard wordlist?

Hey. I assume that you got the hash from the appropriate version of bludit from the initial shell.

Once you’ve got the hash, I suggest you analyze the type of hashing used with the below link.
Hash Analyzer - TunnelsUP

Then use John or Hashcat to perform cracking based on the hash format you got from the above link.
John/Hashcat will crack it against rockyou.txt.
You can get the rockyou.txt file here: https://github.com/finnfassnacht/rockyou.txt

If that doesn’t work out, then you can use the below link to crack the hash without mentioning the hash format.
(**Note this link will work only for very commonly used passwords.)
http://www.hashes.com

Hope this will help you out.
:wink: Good luck.

I’ve already cracked it with john and it seems I didn’t get the right password. I’m still investigating what’s wrong with the format.

I’ve already rooted this box. Got a clue from the box maker. Thanks @egotisticalSW for the box and the clue.

Hi,

I’m struggling with the initial foothold :frowning: I guess I have the username (which is really common for the management page). I tried to bruteforce the password with no result…

Maybe my username is not the right one?

Thx

Rooted.
PM for hits :slight_smile:

Rooted! This was a fun first box, learned a bit about privesc and enumeration doing this one.

Hey guys, please someone help me, I am getting this error:

[!] This exploit may require manual cleanup of ‘.htaccess’ on the target
[*] Exploit completed, but no session was created.

and when I check the exploit it says:
[*] 10.10.10.191:80 - The target is not exploitable.