Last Active


  • @dbstart09, it kind of looks like instead of using a single quote, you used the tick mark under the tilda. If it is in fact a single quote, then I'm not sure why it's not working for you.
  • Rooted. Learned some new things. Happy to provide nudges to others, just let me know where you're stuck and what you've tried.
  • If you need a shell that can use su or sudo, you can use /usr/bin/script -qc /bin/bash /dev/null on any linux box as far as I know. It won't give you tab complete or command history, though.
  • Rooted. Very cool machine, PM for hints with where you are and what you've done. Thanks to @bigFish43, @Roinard, and @jhnhnck for the nudges!
    in Quick Comment by marlasthemage June 2020
  • I saw on another thread where @MinatoTW recommended doing /usr/bin/script -qc /bin/bash /dev/null. I tried it and it worked like a charm. No long python commands, no throwing the shell into the background and messing with stty.
  • @Dzsanosz They are not open on this machine.
    in Quick Comment by marlasthemage June 2020
  • Would someone mind taking a look at my e-mail creating script and help point me to what I'm doing wrong? EDIT: Got it, thanks to the nudge from @jhnhnck. On to user!
    in Quick Comment by marlasthemage June 2020
  • @m0squ1t3 @htbuser01 DM me. I believe you likely have the wrong credentials
  • Since this is the "official" Blunder forum, I'll post that I'm available for nudges here, too. Let me know where you are and what you've tried
  • Rooted, PM me if you're stuck but let me know where you are and what you've tried.
  • FINALLY rooted. This box truly was insane. Thanks a ton to @zard, @corpnobbs, @sloth1985, and @daemonzone for the pushes. I don't consider this a spoiler, but if someone does feel free to report: For those struggling with working with the initial…
    in Fatty Comment by marlasthemage May 2020
  • @CRYP70 They have a protection in place that won't let you send a certain number of messages within a certain time frame (30 seconds, I think).
    in Quick Comment by marlasthemage May 2020
  • Rooted. Happy to provide hints, just let me know where you are and what you've tried.
    in Cache Comment by marlasthemage May 2020
  • Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I've done so far and what information I'm talking about.
    in Fatty Comment by marlasthemage May 2020
  • @killerhold Use big.txt on all the locations you've discovered with the same extensions you've likely been trying.
  • Rooted. If you need a nudge, let me know where you're at and what you've tried. This box was pretty cool, but like everyone else said should have been a medium. Both for root requiring some deeper-than-expected knowledge of how a certain program …
  • @buhaytza2005 , use ltrace to figure out what it’s doing. Give it what it wants with what you want hidden underneath
  • Rooted. This was my first hard box root, and it was a doozy. Thanks to @InfoSecJack and @chivato for creating this machine! Giving hints here would kind of ruin what makes this box a challenging learning experience, so if you'd like a nudge, let …
  • Rooted. Big thanks to @lancelai for the final nudge. Happy to provide nudges to others
    in Book Comment by marlasthemage April 2020
  • Rooted: Foothold - get logged in, then pay attention to the name of the box. User - Pay attention to running services, and always try any found credentials everywhere you can Root - linpeas will get you halfway, pspy will get you another quarter, a…
  • @zaphoxx, when you find passwords try them everywhere and with everyone!
  • @clubby789, will that stop the box breaking after restarting the service?
  • So I rooted this one, but I'm not sure if I'm doing something wrong because every other time I try to root it, it seems that restarting the service from the GUI either works fine, or totally breaks the machine and requires a box reset...anyone else …
  • @Ch0p1n, you don't need to wake them up...just do a little grave robbing.
  • Rooted! Some hints: Initial foothold - This took by far the longest for me because I was looking in the wrong spot. Typically when I see AD environments, I'll use a particular service to get a list of usernames. However this time, once you have t…
  • Need some help with my initial RCE. I've got everything working on my local machine (able to send a rev shell and execute whatever command), but when I try it against the target, just about everything fails, but I'm able to ping myself. If someone…
  • Commenting so that I can easily come back to this post in the future if/when I decide to get my OSWE. Love your reviews, thank you!
  • Rooted. Some hints: User - Look up how the CMS stores things, and then look around in the non-standard port you probably found. You'll find some useful stuff. Remember to pay attention to login prompts, otherwise you might get frustrated that th…
  • @hellsheep, take a look at the sshd_conf file and I believe you will know why you can't SSH in at M***
  • @Fratouth, you need to do some more port enumeration.

Howdy, Stranger!

Click here to create an account.