Official Passage Discussion

Comments

  • @thehandy said:

    Anyone else have problems submitting flags for this box? Mine aren't being accepted...

    This might help: https://forum.hackthebox.eu/discussion/comment/83802/#Comment_83802

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Got it rooted, thanks!

  • Rooted!! Had some great nudges for user. After that it was basic enumeration.

    I am taking my OSCP next Friday and I can say that this machine embodies so much of the material that I have learned. In my opinion, this encompasses so much of what you need.

    Also, your knowledge of programming and scripting will make this machine a piece of cake. Either that or you will have to do some things manually which will take forever but will still work. This is actually the main reason it is so good for OSCP. PRACTICE YOUR SCRIPTING, PEOPLE

  • edited November 2

    Is it possible to get RCE using CVE-2020-8165? Has anyone tried? The application uses the RedisCacheStore.

  • Just rooted the box having read the tips here but I'm still trying to wrap my head around how y'all knew to look into the public transportation thing for the root part. I would have never looked that way if not for the comments. Could someone please enlighten me? Thanks! :smile:

  • Great box. Easy for foothold but gets more interesting along the way.
    Also, very cool root part. After reading the paper I understood the name :smile:

    Feel free to DM me for some nudges.

    Nism0

  • woohoo. finally got root. made the root part harder on myself than actually necessary. in retrospect a relatively easy medium machine, everything is quite intuitive to follow and no actual rabbit holes if you stick to the basics. user1 -> user2 is a bit tricky but best friends like to share everything, don't they ;)

    zaphoxx

  • @thehandy said:

    Anyone else have problems submitting flags for this box? Mine aren't being accepted...

    Yes. I've reached user.txt yesterday and it didn't work. Started over today and it gave me the same hash

  • @rmasterhacker My problem ended up being I had the free VPN pack instead of the VIP pack, so I was trying to enter a key that didn't correspond to my current profile's network. Maybe try regenerating your VPN connection pack to make sure you're aligned.

  • @rmasterhacker said:

    @thehandy said:

    Anyone else have problems submitting flags for this box? Mine aren't being accepted...

    Yes. I've reached user.txt yesterday and it didn't work. Started over today and it gave me the same hash

    Almost certainly something has broken - I'd raise a Jira ticket.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Rooted, fun box!

    Foothold: Old news
    User 1: A pretty unusual take on a common place to find creds
    User 2: Painfully easy to the point I ignored it for hours
    Root: A new one for me, had to use the hints in here after going deep down a RE black hole but the hints made sense to me and found it easily after reading them

  • I've just looked at this box as my first one in a couple of months and it is probably the quickest foothold I've ever got. Sure I'll do my usual trick of getting bogged down from here on in, but I'm taking that as a win.

    JonnyGill

  • edited November 10

    Rooted the box thanks to some hints on here. I am curious, I identified the correct way to root based on the hints on here about getting on a certain form of transportation. I really don't know how long I would have been looking if not for this hint, as nothing was sticking out. Did people who found this box easy simply notice this as an unusual thing to be on a box, based on experience? Or was there something even a noob like myself should have noticed with enough enum? Learned some really interesting stuff from it, many thanks @ChefByzen

  • Could someone PM me a nudge?
    Stuck at getting root, even with all the hints about bus and home, I don't see anything that's sticking out :(

  • edited November 13

    Rooted. Hints

    Initial: it honestly couldn't be easier than google

    user1: Based on the talk here some people had to work for this, I don't know why, my googling for the initial foothold pretty much gave me what I needed, though I had to upgrade my access a bit to let me use it

    user2: I myself make the mistake of thinking that in CTFs everything has to be some kind of technical exploit, but even on Hackthebox it still holds true that PEOPLE ARE LAZY, so try really dumb things

    root: this one was not obvious to me at all, but through rigorous googling you'll find something that you can use. That said, you really don't have to look far. But you do have to google, and don't pass up things that look benign just because you don't really know what it is

  • Rooted! PM me for a nudge

  • Managed to get through to User 2 in a few hours and have now spent the same amount of time trying to figure out how to get root. Hooray?

    JonnyGill

  • Finally rooted! It was a fun box. PM me for nudges! But first tell me what you have tried.

  • Easy box
    pm for nudges
    [email protected]:~# id uid=0(root) gid=0(root) groups=0(root)

  • Thanks for the machine! I improved my skills a lot. Unfortunately I got root just because of hints and lucky Googling: I did not find the program while grepping ps (I double checked). Service showed up only after the exploiting. Is that normal (need to study more about some Linux mechanism)? If yes, can someone please tell me how you managed to identify the vulnerable program by yourself? What is the approach?

  • The tips on here really helped point me in the right direction for root. Certainly a technique I was not familiar with. Thanks to everyone that contributed cleverly worded hints!

  • Rooted. Everything was easy until root.

    I just was able to get root by reading the comments here and getting lucky by finding the right article.

    Could anybody who has got root also pm me to explain to me how you are supposed to know how to exploit it or how to enumerate? Thanks!

  • Alright (first message down here o/), I just rooted this one.

    I feel bad for not noticing the obviousness of user1 for 1~2 hours.
    But I'd really like some insights on this root because the way I spotted this feels like dumb luck to me and would like to know more about proper enumeration processes. If anyone has the time to PM me I'd totally appreciate it.
    Cheers.
