HTB: Blunder 0xdf hacks stuff

Blunder starts with a blog that I’ll find is hosted on the BludIt CMS. Some version enumeration and looking at releases on GitHub shows that this version is vulnerable to a bypass of the bruteforce protections, as well as an upload and execute filter bypass on the PHP site. I’ll write my own scripts for each of these, and use them to get a shell. From there, I’ll find creds for the next user, where I’ll find the first flag. Now I can also access sudo, where I’ll see I can run sudo to get a bash shell as any non-root user. I’ll exploit CVE-2019-14287 to run that as root, and get a root shell.

HTB - PlayerTwo - HTB Writeups

Interview with Ippsec

CTF Players – Telegram

Blunder-HTB. Normally blunder means a stupid mistake…, by Dhwani Patel

Blunder HackTheBox Walkthrough - Hacking Articles

HackTheBox — Blunder Walkthrough. This is a write-up for an easy Linux…, by Mainul Hasan

HackTheBox — “Blunder”. Write-up, by Luke Paris

Machines - Hack The Box - Write-ups - Page 3 of 6 - HaXeZ

HackTheBox: Blunder write-up

HTB: Blunder 0xdf hacks stuff

Hack The Box - Sizzle - 0xRick's Blog

HTB: Paper 0xdf hacks stuff

Blunder-HTB. Normally blunder means a stupid mistake…, by Dhwani Patel

HackTheBox - Blunder

HackTheBox Writeup: PlayerTwo