Official Blunder Discussion


Comments

  • Is anyone having issues with the decrypted hash for the user? It does seem to be working when trying to s**o as that user. The hash is the same and it decrypts to the same thing every time, however it's coming back with sorry try again. I have tried with user in lower case letters as well as capital first letter but nothing is working. This is strange because earlier tonight I was able to use the same user and password to snag the user flag of the box. Did someone change something around? Please message me if you know what I'm experiencing!!

    lordsoahc
    CCNP, CCNAx3

  • edited August 2020

    @lordsoahc said:

    Is anyone having issues with the decrypted hash for the user? It does seem to be working when trying to s**o as that user. The hash is the same and it decrypts to the same thing every time, however it's coming back with sorry try again.
    I have tried with user in lower case letters as well as capital first letter but nothing is working. This is strange because earlier tonight I was able to use the same user and password to snag the user flag of the box. Did someone change something around? Please message me if you know what I'm experiencing!!

    So, just to check, you are in a user account for **** ?

    If so, can you confirm what you mean by s**o as that user - does that mean just run s**o or add a switch to the username you are trying to use?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • Rooted. DM for any hints.

    ToxicJoker

  • Guys, I completed the box but only with Metasploit. In my first attempt I got a shell with nc but don't know why, when I use python3 -c 'import pty; pty.spawn("/bin/bash")' (python --version gives me python 3.7.5), it won't give me a proper shell, but on Metasploit it works. The reason I am asking is that when I use a command like su .. it doesn't ask me for a password, so I can't log in as another user (on nc). But no problem on Metasploit; I just want to be able to do it without using Metasploit.
    :smile:

  • edited August 2020

    Is anyone able to get a working shell? When I use the shell command in meterpreter it drops me in but after that no commands give me a response, which is strange because a week ago it was working fine.

  • Spoiler Removed

  • edited August 2020

    @zilwah I think something is broken I am having the same issue

  • anyone have any nudges for user?

  • ok so I rooted it but would like to discuss the exploit for root if someone could pm and explain why this works in the manner it does. I would greatly appreciate it.

  • @Mr10 said:

    @zilwah I think something is broken I am having the same issue

    thx @Mr10 are you using v6 too?

  • Hi THERE! I am totally new here. I have passwd and username for Blunder. I am trying the exploit but it returns that .htaccess must be cleaned up. So I even tried resetting the machine but the response is the same. Even tried other payloads.

    I am sorry if I broke any rules !!!! FIRSTDAY !!! Thank you.

  • edited August 2020

    Rooted. Message for help

    There seems to be an issue with Metasploit V6, getting a shell with V5 worked fine for me. @zilwah

  • @Mr10 said:

    Rooted. Message for help

    There seems to be an issue with Metasploit V6, getting a shell with V5 worked fine for me. @zilwah

    oh! thanks for that I knew upgrading my Kali (to 2020.3) could cause trouble, also broke Ruby (& Evil...), thanks heaps.

  • @letMel00kDeepr said:

    ok so I rooted it but would like to discuss the exploit for root if someone could pm and explain why this works in the manner it does. I would greatly appreciate it.

    Not sure I can explain it but I can point you to the blog posts and articles which were published around the time it was made public. That might help you.

    TazWake


  • edited August 2020

    @s0b3k said:

    [!] This exploit may require manual cleanup of '.htaccess' on the target
    [*] Exploit completed, but no session was created.
    Am I using the wrong payload or is it an issue I haven't thought of yet?

    @Bobba26 said:

    Exactly the same problem. I tried all payloads, but nothing helped

    SOLUTION FOR .htaccess error in Blunder!
    Hello there! This is my first box so I might be able to explain things well so just bear with me. I was having the same issue; after a millennia I found the solution to it :sweat_smile:. It's quite simple: all you need to do is set the interface of Metasploit to tun0, as we are using the HTB VPN, and also use the IP of tun0 as the LHOST IP for the exploit to run correctly.

    To change the interface of Metasploit:
    setg interfaceName

    Hope I was able to help and didn't break any rules! It's still my DAY 2 here.

  • Got root, nice box!
    Spent a lot of time on foothold (password part), but root was very easy

    N0rt0N

  • @TazWake said:

    @letMel00kDeepr said:

    ok so I rooted it but would like to discuss the exploit for root if someone could pm and explain why this works in the manner it does. I would greatly appreciate it.

    Not sure I can explain it but I can point you to the blog posts and articles which were published around the time it was made public. That might help you.

    Hell yeah, that would help. I came across a detailed one but wouldn't you know it. It's in Chinese.

  • @letMel00kDeepr said:

    Hell yeah, that would help. I came across a detailed one but wouldn't you know it. It's in Chinese.

    I've sent you a DM.

    TazWake


  • I seem to be having the same "shell hanging" issue on tool version 6. On Parrot it's the default installed version. Any workarounds or..?

    Raekh

  • Rooted.

    Got lucky with my choice of tools for the initial foothold and enumerated out user. Root is pretty simple, but I had a lot of trouble with my shell timing out throughout. Those of you who got stable shells that didn't result in you pulling your hair out over timeouts, please PM me with details.

  • Rooted.

    Foothold took a while as I was trying to belch it. After I utilized a certain framework I was in and user and root both came very easily.

    If someone who got the foothold the initial way I was trying would message me with tips, I would be very appreciative. I try to avoid using *e**sp**** as much as possible but had to resort to it here.

  • For everyone with the "shell hanging" issue :
    All you have to do is spawn a bash shell to your host (GTFOBins for the syntax).
    Works like a charm !

    Raekh

  • So after doing enumeration and creating a wordlist, I ran it through a certain tool. However, the tool does not provide the correct information even though it's in there. Has anyone else had this problem?

  • This is only my second box and I'm learning loads but I have gone down so many rabbit holes with Root now I'm starting to feel like Alice. Can someone give me a quick pointer in the right direction please? I've gone through ftp folder, extracted config, tried listening to the wav, tried decrypting v10 users.php with the salt, found some screenshots.

  • Hey all, could use a nudge on username needed on foothold.. I've been enumerating all day and can't seem to find the file.

  • @aqlarx19 said:

    So after doing enumeration and creating a wordlist, I ran it through a certain tool. However, the tool does not provide the correct information even though it's in there. Has anyone else had this problem?

    I don't think so. If the correct information is in there, what isn't working? You can just use it manually rather than run the tool.

    TazWake


  • @rhysmorgan1986 said:

    This is only my second box and I'm learning loads but I have gone down so many rabbit holes with Root now I'm starting to feel like Alice. Can someone give me a quick pointer in the right direction please? I've gone through ftp folder, extracted config, tried listening to the wav, tried decrypting v10 users.php with the salt, found some screenshots.

    Don't overthink the enumeration. Check what your account can do.

    TazWake


  • @Lycist said:

    Hey all, could use a nudge on username needed on foothold.. I've been enumerating all day and can't seem to find the file.

    Have you tried different file types?

    TazWake


  • @TazWake said:

    @rhysmorgan1986 said:

    This is only my second box and I'm learning loads but I have gone down so many rabbit holes with Root now I'm starting to feel like Alice. Can someone give me a quick pointer in the right direction please? I've gone through ftp folder, extracted config, tried listening to the wav, tried decrypting v10 users.php with the salt, found some screenshots.

    Don't overthink the enumeration. Check what your account can do.

    I can't believe it was that simple 🤦‍♂️

    Thanks!

    Rooted

  • Rooted!!!
    ping me for any hints and tips

    Scorpion4347
