Official Blunder Discussion

Official discussion thread for Blunder. Please do not post any spoilers or big hints.

seems pretty quiet…

Love that HTB finally started doing official threads for machines and then no one uses it :lol:

Nice to see an official thread. Is this going to be a thing now?

I think so. Worth keeping an eye out to see if there is anything formal from HTB in the next few days.

If nothing else, hopefully, it will help keep discussions in easy to find places.

I hope so. Makes sense when every machine ends up getting a thread created for it

hey any nudge for login page

Cool. I’ll keep an eye out in the future.
Since is this a blunder thread, I’ll just add that it’s a fun box so far. Foothold was pretty easy for me, but so far privesc is making me feel stupid.
But it’s a good thing.
Right? :smile:

Type your comment> @jiggle said:

Cool. I’ll keep an eye out in the future.
Since is this a blunder thread, I’ll just add that it’s a fun box so far. Foothold was pretty easy for me, but so far privesc is making me feel stupid.
But it’s a good thing.
Right? :smile:

bro cam i pm me

Since this is the “official” Blunder forum, I’ll post that I’m available for nudges here, too.

Let me know where you are and what you’ve tried

This box is all about proper enumeration. Initial foothold all the way to root. It is an easy box. Most people struggle on the foothold, use the appropriate tools and you will find everything you need. The rest is some googling and following the bread crumbs.

PM for nudges, but please try to on your own.

Thought it was a good box that took much longer because it was the first day and several people were crushing it with scans but fun as always!

Mentioned in the other thread but will mention here too that I completed this box and you can PM for nudges.


Foothold: go*****r was my friend. I would recommend looking for common extensions. There is a way around the lockout, just learn how to b****s it. To find the password you need to be cool and look in front of you.

User: Enumeration is key as files often contain juicy nuggets.

Root: You can run a common enumeration script for this but first check for what p*******s and permissions you have. Does these things have a way to circumvent them?

PM for a nudge.

Surprisingly good, when the box wasn’t being crushed by all the scans.

Both foothold and root are very much ‘you see it or you don’t’. If you see it immediately, it may seem trivial. If you don’t, like I did, you’re probably going to have to grind a bit needlessly. If that happens, you should probably take a break and come back to it with fresh eyes.

Foothold: use a light touch.
User: enumerate.
Root: stop trying so hard and think.

Thanks to @egotisticalSW for this machine, Don’t know why, but overthinking easy machines always makes them feel more difficult.

Initial Foothold

  • Basic web enumeration


  • Looks like they have a newer one, What I can find there?


  • Hashtag pwn!

If this is a spoiler remove it

Cool box, teaches you some key fundamentals. Brute forcing isn’t necessary, look for suspicious things. Keep enumerating once you’re in, I had to use a different resource than normal to get to user. Google will help with root too if you’re not familiar.

Someone saved screenshots one of the directories that show root flag. It wasn’t there the last time I worked on this box. Seems like the creator of the box did it. Accessible by browser, but i am still confused to why it shows up just now.

Rooted - took me 3 hours, wish I had done this yesterday! Feel free to message me if you need a nudge. Only hint I can think of right now is that almost every answer is right in front of you.

Finally got a foothold after missing some crucial info.
Trying to move to user and wondering how to go about it. Used the ms module for a shell. Found the newer version and wondering if I need to crack the info in the d********/u****.p** for H*** user or if this is the wrong way to go. I’ve tried rocking it but have had no luck. wondering if this version uses sha1 as well.

any nudges would be greatly appreciated

EDIT: wow. not in any wordlists. thanks @TheT3rminat0r

rooted - message me if you need a small hint or nudge. glad to help anyone especially who is having a hard time getting a foot hold.

I tried making me own list of things to using them to get foothold with a bunch of different tools. Many many hours wasted.

Ultimately, the half of the answer was in front of my eyes the whole time. Don’t overlook it. Literally.

The other half was a little fuzzy.

Once you have user don’t get discouraged by what you can’t do, ttry to upgrade your session. Also, don’t trust automated tools to find juicy things for you. Try enumerating on your own. Nothing fancy or complicated, look simple. Maybe just remember to redirect your errors to /dev/null so it’s easier to parse, so you’re not having to scroll throw a bunch of permission denied errors.

This is my first forum post, please let me know if anything needs to be redacted. Tried to write it to be vague enough, but to also keep the spirits up of others who hit the same barriers as myself.