Last Active


  • @dbstart09, it kind of looks like instead of using a single quote, you used the tick mark under the tilda. If it is in fact a single quote, then I'm not sure why it's not working for you.
  • Rooted. Learned some new things. Happy to provide nudges to others, just let me know where you're stuck and what you've tried.
  • If you need a shell that can use su or sudo, you can use /usr/bin/script -qc /bin/bash /dev/null on any linux box as far as I know. It won't give you tab complete or command history, though.
  • Rooted. Very cool machine, PM for hints with where you are and what you've done. Thanks to @bigFish43, @Roinard, and @jhnhnck for the nudges!
    in Quick Comment by marlasthemage June 8
  • I saw on another thread where @MinatoTW recommended doing /usr/bin/script -qc /bin/bash /dev/null. I tried it and it worked like a charm. No long python commands, no throwing the shell into the background and messing with stty.
  • @Dzsanosz They are not open on this machine.
    in Quick Comment by marlasthemage June 7
  • Would someone mind taking a look at my e-mail creating script and help point me to what I'm doing wrong? EDIT: Got it, thanks to the nudge from @jhnhnck. On to user!
    in Quick Comment by marlasthemage June 6
  • @m0squ1t3 @htbuser01 DM me. I believe you likely have the wrong credentials
  • Since this is the "official" Blunder forum, I'll post that I'm available for nudges here, too. Let me know where you are and what you've tried
  • Rooted, PM me if you're stuck but let me know where you are and what you've tried.
    in Blunder Comment by marlasthemage May 31
  • FINALLY rooted. This box truly was insane. Thanks a ton to @zard, @corpnobbs, @sloth1985, and @daemonzone for the pushes. I don't consider this a spoiler, but if someone does feel free to report: For those struggling with working with the initial…
    in Fatty Comment by marlasthemage May 25
  • @CRYP70 They have a protection in place that won't let you send a certain number of messages within a certain time frame (30 seconds, I think).
    in Quick Comment by marlasthemage May 23
  • Rooted. Happy to provide hints, just let me know where you are and what you've tried.
    in Cache Comment by marlasthemage May 18
  • Currently stuck on initial foothold. Was able to get to some interesting information but having trouble pulling it down. Can someone provide me with a nudge please? I can explain what I've done so far and what information I'm talking about.
    in Fatty Comment by marlasthemage May 11
  • @killerhold Use big.txt on all the locations you've discovered with the same extensions you've likely been trying.
    in Admirer Comment by marlasthemage May 6
  • Rooted. If you need a nudge, let me know where you're at and what you've tried. This box was pretty cool, but like everyone else said should have been a medium. Both for root requiring some deeper-than-expected knowledge of how a certain program …
    in Admirer Comment by marlasthemage May 5
  • @buhaytza2005 , use ltrace to figure out what it’s doing. Give it what it wants with what you want hidden underneath
  • Rooted. This was my first hard box root, and it was a doozy. Thanks to @InfoSecJack and @chivato for creating this machine! Giving hints here would kind of ruin what makes this box a challenging learning experience, so if you'd like a nudge, let …
  • Rooted. Big thanks to @lancelai for the final nudge. Happy to provide nudges to others
    in Book Comment by marlasthemage April 23
  • Rooted: Foothold - get logged in, then pay attention to the name of the box. User - Pay attention to running services, and always try any found credentials everywhere you can Root - linpeas will get you halfway, pspy will get you another quarter, a…
    in Magic Comment by marlasthemage April 19
  • @zaphoxx, when you find passwords try them everywhere and with everyone!
  • @clubby789, will that stop the box breaking after restarting the service?
  • So I rooted this one, but I'm not sure if I'm doing something wrong because every other time I try to root it, it seems that restarting the service from the GUI either works fine, or totally breaks the machine and requires a box reset...anyone else …
  • @Ch0p1n, you don't need to wake them up...just do a little grave robbing.
    in Cascade Comment by marlasthemage April 5
  • Rooted! Some hints: Initial foothold - This took by far the longest for me because I was looking in the wrong spot. Typically when I see AD environments, I'll use a particular service to get a list of usernames. However this time, once you have t…
  • Need some help with my initial RCE. I've got everything working on my local machine (able to send a rev shell and execute whatever command), but when I try it against the target, just about everything fails, but I'm able to ping myself. If someone…
  • Commenting so that I can easily come back to this post in the future if/when I decide to get my OSWE. Love your reviews, thank you!
  • Rooted. Some hints: User - Look up how the CMS stores things, and then look around in the non-standard port you probably found. You'll find some useful stuff. Remember to pay attention to login prompts, otherwise you might get frustrated that th…
    in Remote Comment by marlasthemage March 22
  • @hellsheep, take a look at the sshd_conf file and I believe you will know why you can't SSH in at M***
  • @Fratouth, you need to do some more port enumeration.

Howdy, Stranger!

Click here to create an account.