Official Passage Discussion

167891012»

Comments

  • Rooted!
    I don't know if I was lucky this time or this box was actually easy! :smiley:

  • Hi all, I cannot spawn a good tty shell. I am using 48*, I get the netcat, but when I try to spawn a real tty, it freezes (I have to close the terminal because I can no longer use it).

    I use the
    python3 -c 'import pty;pty.spawn("/bin/bash");'
    then ctrl+z
    then
    export SHELL=bash
    export TERM=xterm256-color
    stty rows 37 columns 114
    reset

    what do I do wrong?

  • Type your comment> @tomski said:

    Hi all, I cannot spawn a good tty shell. I am using 48*, I get the netcat, but when I try to spawn a real tty, it freezes (I have to close the terminal because I can no longer use it).

    I use the
    python3 -c 'import pty;pty.spawn("/bin/bash");'
    then ctrl+z
    then
    export SHELL=bash
    export TERM=xterm256-color
    stty rows 37 columns 114
    reset

    what do I do wrong?

    It doesn't always work. sometimes you have to just use the shell you've got.

    The only shell upgrade step I used on this box was python -c 'import pty;pty.spawn("/bin/bash")'

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited January 27

    just rooted, but only because of luck

    i commented yesterday said that i pieced little stuff together and that i can't wait to implement getting root today, turned out after another 12hrs of parsing ps output and reading docs, it's a dead end (?)
    then i came here collect hints wishing they would help which is another mistake, soon i find myself not thinking how a function work but is its name start with letter n or whatever, then i start to hate myself
    finally i give up and go no brainer google every bus name with the word "vuln" appended

    now im sitting here not as proud as i expected, i thought im gonna be "My first box! PM for nudges! ;D" but eh i still feel useless edit: also a bit foggy as i encounter so much terms while bumping around, would be happy if i truely made sense of them all, but im afraid i just developed a sys of rediculous theories hehe

    what_what

  • hi everyone! need some hint on user2 here..

  • @w41l3r said:

    hi everyone! need some hint on user2 here..

    Enumeration. Look where you landed.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • that said will check out pm, if you think i can help why not : >

    also yeah today i pasted some mysterious command into search box "what does this script do in the context of authentication?" "it's terminal color code"
    i still can't get over it

    what_what

  • Finally rooted:) My hints below :smile:

    -Foothold : very easy, don't pay attention to what may stop you and enumerate by hand

    -User1 : If you got foothold, this part would be also easy : try to crack something.

    -User2 : Enumerate all files in user1 directory.

    -Root : As others says, take the bus to catch the root flag (but look into your home directory).

  • got the root flag.....

    foothold-> to get root need some google enumeration the path is straight forward as you did for older version.
    ping me if you need help

  • Rooted!

    This was an interesting machine! Probably the foothold is the easiest of all but still the machine is not that hard. Here my hints:

    • Initial Foothold: Basic Enumeration is your friend. Do not try to bruteforce.
    • User 1: check on how the framwork works and you'll get what you need
    • User 2: find whatever these users are sharing between them
    • Root: Basic system enumeration will tell you what to do

    Hope this helps!

  • Type your comment> @maskop9 said:

    Initial foothold : Google
    User1 : Look around
    User2 : Look around
    root : Corona time, catch a bus and get back home; don;t come out #staysafe

    I know this is months late but I am just getting to this box. thank you. I hate looking for hints some times but this box had me really stumped until I read this

    crackz0p

  • nice box,

    unfortunately I only got user2 with root
    What have I learned?
    some users would even share the toothbrush ... :smiley:
    unbelievable.. .

    Thx @ChefByzen

  • edited February 7

    hmm, got foothold (nice one)
    got user 1, user 2 but can use a hint to get root.
    "stay home, public transportation and covid so use a mask" left me clueless :neutral:

    bang, hit by a bus, rooted :smiley:

    windows 7 10 is my rig :) if it can't be done on windows, i fail.

  • My second box on here. Pretty cool stuff!
    I had gotten stuck after foothold for several hours but it seemed that I overlooked some files I found some time earlier so I looked at some hints on here and checked again and voila.
    I actually tried the bus thing while I was trying to get user 1, so going back to that, it just took me 2-3 minutes to get root after user 2. And thankfully I didn't spend a lot of time to get user 2. That was very unexpected indeed.

    If anyone is stuck, do what I did and read every comment from page 1. Really good hints in here.

  • Rooted. Great machine. Thanks @ChefByzen.

    Hack The Box

  • Rooted. Some good hints in this forum, but if you're stuck feel free to DM me with where you're at and what you've tried so far.

  • Nice box and some neat details... Specially the last user's name :)

  • This was a really nice box ! Thanks @ChefByzen

  • Preparing for OSCP exam this box was my second active machine here. I'm not coming from IT background but I fairly enjoyed working all the way through to get root. Have learnt heaps Thanks @ChefByzen

  • Noob here but I'm trying to open the IP address in a web browser and Its just loading forever. Any advice would be great, sorry Im new to this but its an amazing skill to have.

  • Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only? Got some passes but cannot ssh'them. Thanks!

  • @deibit said:

    Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only?

    I dont think so. I think it is key based auth only.

    Got some passes but cannot ssh'them. Thanks!

    If they are useful, there might be other things you can do.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited February 28

    Type your comment> @TazWake said:

    @deibit said:

    Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only?

    I dont think so. I think it is key based auth only.

    Got some passes but cannot ssh'them. Thanks!

    If they are useful, there might be other things you can do.

    Thanks @TazWake . I already exploit it and upload a shell, from that point I'm stuck. I did the recon part but no clues trying to find the way to be "one of the two...".

  • @deibit said:

    Thanks @TazWake . I already exploit it and upload a shell, from that point I'm stuck. I did the recon part but no clues trying to find the way to be "one of the two...".

    Ok - its all down to enumeration to get the user flag.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited March 2

    Finally rooted. Foothold, user1 and user2 are no real challenge.

    Root was new for me, I definitely learned some new tricks for my upcomming OSCP exam.

    The most important is to read the outputs of my tools and not just flow over some basic stuff. The enumscript I use told me already at user1 about the privesc I used to get root, but at an unexpected place, which I didn't give much attention until now. It even told me about the presence of U** C*****r. Following the link there was a general description to the mechanisms used. The step-by-step exploit for U** C*****r was also linked. I wish I read this line before reading the whole forum and googling a lot about public transport systems...

    Thanks for the box, for me it was a perfect medium box.

  • Got user. I think that the best nudge so far I can give to get user is...upgrade your "tools".

  • [email protected]:~# hostname
    passage
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)

    Great box! Thanks @ChefByzen for the learning experience. Root was particularly challenging for me but I also learned a lot along the way.

    For anyone stuck on root my advice is Google stuff you find, and don't overlook articles from well known companies - my issue was that the information I needed was in an article I overlooked because I assumed it wouldn't have the tech details.

  • Since passage expired, can we add spoilers or ask questions?

    I've seen many people using the av**** way while I used a straight script which directly gave me RC* and has***.

    IppSec also did it the av**** way.

Sign In to comment.