Official Passage Discussion

Comments

  • I have got user1. But can't find a way to user2. I have read the above comments. Found a key***gs directory in .loc******re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?

  • @gs4l said:

    > I have got user1. But can't find a way to user2. I have read the above comments. Found a key***gs directory in .loc******re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?

    no, wrong path .. it is way more easy :)

  • @Oxeeql said:

    > @gs4l said:
    > > I have got user1. But can't find a way to user2. I have read the above comments. Found a key***gs directory in .loc******re. I guess something will be revealed by the files in it. Can anyone give a nudge, am I on the right path?
    >
    > no, wrong path .. it is way more easy :)

    Thanks. Was so easy that I completely overlooked it. Got it now.

  • [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    [email protected]:~# whoami
    root
    

    Fun box, pm for nudges

    Check for writeups -> https://noxious.tech

  • Rooted thx @N0xi0us for your help at the root part.

    Shell easy af, just google
    User 1: look for juicy info files
    User2: It's right there, but can be missed
    root: Again, it's right there, think about the covid comment and stay at home, the interesting part can be missed as well, but after googling you might know it when you see it.

    Delete if it contains spoilers

    OSCP | Stay root! | Twitter: S1lky_1337

  • Rooted!!
    This box is like way easy in the beginning to almost a bit hard in the end. Thanks @N0xi0us for the nudge in the end.
    Feel free to dm for hints 🙂

  • Stuck at root. Only seeing cups as a service to exploit, but can't seem to find any article/exploit related to this version.

  • @m1r3x said:

    > Stuck at root. Only seeing cups as a service to exploit, but can't seem to find any article/exploit related to this version.

    Usual enumeration and little bit of Googling with sensitive terms will give you a good article. ;)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Do I have to crack the hash to get user?

  • @0xstain said:

    > Do I have to crack the hash to get user?

    yes. crackstation is enough.

  • I just wanted to continue with this box and again having issues to connect to the box at all. Yesterday it might very well have been the cause of "F2B" but at least right now I'm sure it's not, did no scan or anything yet on the box. I already got an RSA key for p*** and simply wanted to connect via ss*.

    I reset the box, still nothing. Starting Arena shows the box as "running" with IP address. I'm aware the address changes on reset.

    I can reach the public box, but not the Arena box.

    Hack The Box

  • edited September 6

    I'm so glad to see people have been enjoying the box so far!

    I've seen some great nudges in this forum. I'm also open to feedback on the machine, so don't be shy. PM me.

    Here are my cryptic hints!:

    • Foothold: Bruteforce isn't necessary, just be curious and google it.
    • User: Download your own copy and learn how it works. It will help you find the treasure!
    • Privesc: Look for rule-breakers! Sharing isn't always caring.
    • Root: Stay close to home. Read a good book or write a novel! There's plenty to do indoors.

    Feel free to PM me for hints, tips, or nudges!

    If you enjoyed the machine (or not), you can always leave a review & rating on the machines page.

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • @0xstain said:
    > Do I have to crack the hash to get user?

    Hashcat may work with correct module mentioning. :)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Rooted! Nice to have an easier box this week - thanks to @ChefByzen.


  • Rooted in the end after stepping over the clue a few times. Thanks @gs4l for the nudge. It's a nice box @ChefByzen

  • Initial foothold : Google
    User1 : Look around
    User2 : Look around
    root : Corona time, catch a bus and get back home; don't come out #staysafe

  • edited September 6
    Rooted :)
    If anyone needs a hint, PM

  • @CarbonDPG said:
    > I'm not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.

    Thanks for clarifying. Didn't know that. How does it work? F2B works with "Jails" when banning failed logins, I never looked under the hood how it's actually doing this.

    Hack The Box

  • Got the hash from co**.php but can't crack it. Any nudges?

  • @maskop9 said:

    > Initial foothold : Google
    > User1 : Look around
    > User2 : Look around
    > root : Corona time, catch a bus and get back home; don't come out #staysafe

    Rooted, thanks to this comment.

    Certainly on the easier side of medium boxes. The best part is that all the steps are quite logical with no guesswork involved. Props to the creator @ChefByzen for that.

    All the hints have already been given in this thread. But if you still need a nudge, feel free to pm.

    When asking for help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • @sparkla said:

    > @CarbonDPG said:
    > > I'm not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.
    >
    > Thanks for clarifying. Didn't know that. How does it work? F2B works with "Jails" when banning failed logins, I never looked under the hood how it's actually doing this.

    Fundamentally, F2B is just a log parser. Create a new definition and scan for specific regex in the apache logs. GitHub link below to detect web logins for example. Though in this case, you're not scanning for POST requests in /login, you're scanning for excessive POST or GET requests to any page. Add the new definition to the jail config, restart the F2B service and Bob's your uncle.

    https://gist.github.com/joecampo/848178ab5c18aada0eab

    Alternatively, tear apart Chef's F2B config files once you've pwned the box. Found out how he's implemented it himself, the more you know!
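
Added example, not part of the thread and not the box's Fail2ban configuration: a Python sketch of the log-parser model described in the reply above, where a regex picks the client address out of each Apache access-log line and an address is banned once it produces `maxretry` matches within `findtime` seconds (both are real Fail2ban jail options). The function names, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Plays the role of a Fail2ban failregex: capture the client address
# (Fail2ban's <HOST>) and the timestamp of every GET or POST request.
FAILREGEX = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST) \S+ [^"]*" \d{3} '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_bans(lines, maxretry=5, findtime=10):
    """Return {host: ban time} for hosts with maxretry matches in findtime seconds.

    Assumes the lines are in chronological order, as in a live access log.
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # host -> timestamps of recent matches
    banned = {}
    for line in lines:
        m = FAILREGEX.match(line)
        if not m or m["host"] in banned:
            continue
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        hits = recent[m["host"]]
        hits.append(ts)
        # Drop matches that have aged out of the findtime window.
        while ts - hits[0] > window:
            hits.popleft()
        if len(hits) >= maxretry:
            banned[m["host"]] = ts
    return banned


def make_line(host, second, path, status):
    # Constructed Apache access-log line (common log format), not real traffic.
    return (f'{host} - - [06/Sep/2020:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 512')


# Constructed sample: 198.51.100.7 requests a new path every second,
# 203.0.113.20 loads two pages 30 seconds apart.
SAMPLE_LOG = [make_line("198.51.100.7", s, f"/dir{s}", 404) for s in range(8)]
SAMPLE_LOG.insert(2, make_line("203.0.113.20", 1, "/index.php", 200))
SAMPLE_LOG.append(make_line("203.0.113.20", 31, "/about.php", 200))

if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {host} at {when.isoformat()}")
```

Lowering `findtime` or raising `maxretry` shows how the thresholds trade missed scans against banning ordinary browsing.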

  • @LegendHacker said:
    > Got the hash from co**.php but can't crack it. Any nudges?

    Wrong file, right area but search deeper.

  • Spoiler Removed

    Hack The Box

  • Spoiler Removed

  • Initial foothold can be done without MSF. FYI

  • @solid5n4k3 said:

    > Initial foothold can be done without MSF. FYI

    I couldn't make the module work so did it the manual way.

  • Spoiler Removed

  • Spoiler Removed

    Running for OSCP

  • This was a really nice machine @ChefByzen thanks for your efforts! Feel free to get in touch if you're stuck, I'll try and nudge if you let me know what you've tried!
