Blunder (Easy)

Blunder is an Easy difficulty Linux machine that features a Bludit CMS instance running on port 80. The website contains various facts about different genres. Using GoBuster, we identify a text file that hints to the existence of user fergus, as well as an admin login page that is protected against brute force. An exploit that bypasses the brute force protection is identified, and a dictionary attack is run against the login form. This attack grants us access to the admin panel as fergus. A GitHub issue detailing an arbitrary file upload and directory traversal vulnerability is identified, which is used to gain a shell as www-data. The system is enumerated and a newer version of the Bludit CMS is identified in the /var/www folder. The updated version contains the SHA1 hash of user hugo's password. The password can be cracked online, allowing us to move laterally to this user. Enumeration reveals that the user can run commands as any system user apart from root using sudo. The sudo binary is identified to be outdated, and vulnerable to CVE-2019-14287. Successful exploitation of this vulnerability returns a root shell.

Beauty Blunder Fixes in 3 Easy Steps – StyleCaster

Notre Dame's Blunder vs. Ohio State Proves Counting to 11 Isn't As Easy As It Looks - Sports Illustrated

Regiment blunder costs Estwanik easy victory - The Royal Gazette, Bermuda News, Business, Sports, Events, & Community

It Is An Easy Mistake

hackthebox.eu: Blunder Walkthrough —

Common Opening Traps and Blunders 1. e4 - Part 3

BlendJet® on X: Easy, no-blunder blending💙 These Hot Pink and Blue #BlendJets and filled with our Raspberry Dragon Fruit and Tropical Blue #JetPack Smoothies! 💜 Shop now ➡️ / X

Easy Holiday Makeup Monika Blunder

How to Stop Blunders: The Ultimate Grandmaster Guide