Official discussion thread for Blurry. Please do not post any spoilers or big hints.
Any fucking attack vector??
Search for CLEAR ML vulnerability, you should see a website with some POCs
Rooted!
Pretty easy machine, yet an interesting one. DM if you need a nudge.
For user: Don’t forget to add everything to /etc/hosts and read the code thoroughly.
For root: Again, read the code and read about safetensors.
respect
any help on CLEAR ML
Please remember these are shared machines and don’t do things like make /bin/bash SUID and clobber other perms and files that are part of the exploit chain without fixing them back afterward. The reset went through and fixed it, but now anyone still working on the foothold exploit will have to generate new creds
Very interesting machine, its topic is something very relevant right now.
Hints:
- Foothold: research on recent vulnerabilities in the service you found during enumeration phase, you will quickly find something related to the name of the machine.. If your shell doesn’t work, try the one using nc. If your payload doesn’t work no matter what, instead of creating a file and using the path, try to pass the object directly
- Root: analyze the code you can run as root, then research on how that have been used for spreading malware
For foothold, used the exact same script 10-20 times, and only the last time it worked, no ideea why… and after a reset…
what’s the script
Rooted, pm if you need help
Cant find the poc u guys talking about xD
(Bit sad now cuz freelancer, missed sys points because a broken file transfer xD)
Very fun and interesting box
Completely different compared to other boxes
But finally rooted
Feel free to DM for any nudges/hints
Rooted, I struggled on user for a very long time because I overlooked something very simple with the payload.
DMs open if anyone has questions.
same)
Can you tell me pls where to put the payload
Tips:
User: Quick google search will give you a vuln. But don’t ask our famous friend gpt as he will have no idea you are hacking him. When you find the vulnerability report, pay attention on what the authors indicated on the exploit. Not everything they disclose will work. You may need to tweak it. Be creative. Python is fun.
Root: Basic privesc. There are multiple ways. Again, python is fun
Hi, thanks for the advice already. Found the CVE and tried to use it, but if you follow the steps outlined in their guide, it does not work (it’s not executing code). Another user pointed our you would have to pass the object directly instead of uploading a file, how would you do that? Any hints are greatly appreciated
Can you please give me a hint to find CVE