Official Blurry Discussion

This machine not runs well, isn’t it?
It always not shows the side menu, and not shows the configuration information after I click the CREATE NEW CREDENTIALS.

1 Like

thanks for the box, Fun!!

i have spent many hour before realize that i had added file instead of files lol :sweat_smile:
for the user as someone already say : don’t forget to add all to your /etc/hosts and well…
And also as someone mentioned for user and root keep analysing code
for the root : don’t tired yourself to much you should just analyse what you have…
thanks for clues!!

2 Likes

so I can create reverse shell file using python but how would I upload it as pickle file?

Sorry for the misspelling:

“NOT all scripts expect a pickle file”

Has anyone a hint?
Probably I’m missing something totally basic here, found some subdomains, but can’t connect to any of them via browser, nc or curl.

Very interesting attack surface, thank you for the box and for getting me out of my comfort zone with Python, I learnt a lot!!!

A hint for those stuck: reading the documentation is boring, yeah, but super effective. Once I really understood what my script was doing I could readjust and send the correct stuff. When that info clicked in my head, the rest of the machine was a breeze.

1 Like

Normally if you added all theses host to your hosts on your machine and have no problems with your vpn connexion you should be able to see any of them

According to the htb site, I’m connected.
The ip is added to the hosts file in the format:
IP blurry.htb
ffif also finds the subdomains, but the browser only says “Server not found” when I try to access it (format: http://subdomain.blurry.htb)

Have you tried adding all the subdomains in the ‘hosts’ file?

2 Likes

Thanks…that was the issue

it was what i was trying to say

nvm.

Yooo i need help with privesc. Cant seem to exploit the obvious path. Found another subdomain but cant seem to exploit it either. The subdomain seems promising . Am i on the right path?

Check @Zuzumebachi and @samushi hints.

By googling you will come up by an article that has a PoC described in it.

Also, @JacoPwn has mentioned there is a PyTorch method that can be exploited.

Managed to fix some weird payloads/configure problem so if you stuck in those stuff, feel free to dm

Anyone else getting a ‘could not download [NOT FOUND]’ error?

Hi, I’m new to HTB. I need help with moving ahead. I’m stuck

This box user was really tough to me for a bit until I decided to start back from square one and really READ what my package was doing. Really helped me learn though about real time information that effects us currently. Root, just work with what has been provided to you.

Thanks for the box!

Getting root was the hardest for me. I got, but I made it way too complicated.
My tip for root: You have certain permissions as root. Be sure to check all the write, read and execute permission on the files you’re allowed to work with.

Finally got it… for me root was so easy to spot and get compare to the user one with all the manipulation and code modification that you have to do…
Big thanks and respect to @Sp00n3r for your advice on foothold, you’re a great man

1 Like