Official Passage Discussion


Comments

  • @k4wld said:

    @TazWake said:

    But yeah, on this box I am not sure what the name is related to.

    Maybe relates to the user1 -> user2 "transit / passage"?

    Good point.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Just rooted, honestly some of the hints are pointless and actually more misleading than anything.

    Very interesting box, no point adding to what was already said regarding the hints.

    lebutter
    eCPPT | OSCP

  • Rooted. Pretty fun box but I don't know why it's rated medium. It's one of the easiest boxes active rn.

    If you're stuck on root, the hints on here are more than enough to nudge you in the right direction. Don't take them too literally though. I still don't know what "read a book, write a novel" and all that stuff means.

    Feel free to PM for nudges but please don't expect direct answers. Only nudges. :smile:

    AviusX

  • edited September 8

    Pretty fun box but I don't know why it's rated medium.

    TBH I don't think it needs to be difficult to be rated medium. This one focuses on core enumeration and research skills vs just using tools. We have to do some things manually to get access (but if we could have used tools, then prob it would have been easy rated). I think the number of steps taken also is part of the reason that it is medium.

    Hack The Box
    If I helped you, I would love it if you could +rep me on my HTB profile.
    Somehow OSCP

    Also I will reply quicker on Discord. Hit me up Fr0sty 9#9550

  • @AviusX said:

    Rooted. Pretty fun box but I don't know why it's rated medium. It's one of the easiest boxes active rn.

    This is always subjective. If you know the steps needed to root a box, it is easy.

    As @Fr0sty9 said, it's largely down to what you need to do. The more customisation the harder the box. (In general)

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

    lebutter
    eCPPT | OSCP

  • @TazWake I guess I know what you mean. I probably just compare too much. Like if I were to compare this to SneakyMailer, which had really long and fairly 'new' or 'unique' steps required to get to user, this seems like a piece of cake.
    I usually find the user rated difficulty ratings to be far more accurate than the official ratings.

    AviusX

  • If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

    xD yeah this is right. I dunno, this is why HTB is getting reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

    Hack The Box
    If I helped you, I would love it if you could +rep me on my HTB profile.
    Somehow OSCP

    Also I will reply quicker on Discord. Hit me up Fr0sty 9#9550

  • @AviusX said:

    @TazWake I guess I know what you mean. I probably just compare too much. Like if I were to compare this to SneakyMailer, which had really long and fairly 'new' or 'unique' steps required to get to user, this seems like a piece of cake.
    I usually find the user rated difficulty ratings to be far more accurate than the official ratings.

    Yeah - that can be better but only when you get a lot of ratings. There are people who rate insane boxes a 1 and I've no idea why...

    You can also use things like the number of user/root owns. If it is <30 after more than two months (Rope Two) you know it is stupidly hard. If it is > 1000 in the first week, it is probably fairly straightforward (not necessarily easy).

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @Fr0sty9 said:

    xD yeah this is right. I dunno, this is why HTB is getting reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

    There are always phases as it takes about six months for a box to be released. That means if everyone today tried to make them easier, in six months we'd say "they are too easy" and everyone would make harder boxes etc.

    I do think there should be at least some active boxes a brand new skiddie can progress (it's been a while since something like Blue has been released).

    For me - this box was well rated at medium.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @Fr0sty9 said:

    If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

    xD yeah this is right. I dunno, this is why HTB is getting reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

    It's funny that you say that, because I think about this regularly when people are asking about how the OSCP exam boxes compare to HTB boxes. I felt my OSCP exam boxes were all WAY easier than the latest easy boxes on HTB. Like I had 90/100 points in 10 hours on my OSCP exam.

    Then again, some people say the OSCP boxes are like mediums on here, so I guess it is half personal opinion and luck.

    Hack The Box

  • Yeah - that can be better but only when you get a lot of ratings. There are people who rate insane boxes a 1 and I've no idea why...

    @TazWake Are you talking about the guy who rated RopeTwo a 1? I laughed my ass off at that lmao. Probably just did it for the memes. But yeah I understand what you mean.

    You always need a large sample size for statistics like this to be more precise. For example I find that even hard machines are rated fairly easy according to user ratings when they're released. It's probably because the people who attempt hard boxes at release are usually more experienced/confident and find them easier. As the number of solves grows, the rating reflects the actual difficulty according to the average user better.

    AviusX

  • @pizzapower said:

    @Fr0sty9 said:

    If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

    xD yeah this is right. I dunno, this is why HTB is getting reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

    It's funny that you say that, because I think about this regularly when people are asking about how the OSCP exam boxes compare to HTB boxes. I felt my OSCP exam boxes were all WAY easier than the latest easy boxes on HTB. Like I had 90/100 points in 10 hours on my OSCP exam.

    Then again, some people say the OSCP boxes are like mediums on here, so I guess it is half personal opinion and luck.

    OSCP is a lot more about enumeration and a pathway to exploiting something. Rather than some random CTF where you gotta exploit something and you only find it by desperately checking everywhere.

    Hack The Box
    If I helped you, I would love it if you could +rep me on my HTB profile.
    Somehow OSCP

    Also I will reply quicker on Discord. Hit me up Fr0sty 9#9550

  • Yes, the difficulty of HTB boxes is, on average, going upwards, because the sample of people rating them are practicing more and completing more boxes. Surely, as an HTB participant, something I found medium 12 months ago, would probably seem much easier now; and most of us behave that way. For newcomers it must be harder.

    lebutter
    eCPPT | OSCP

  • Wow!!! I would not want anyone to smash their keyboard/monitors etc. when they pivot from user1 -> user2. For root, all the covid 19 crap is just telling you that enum is more about just running tools. Don't run them, won't help you. Just use the "-a" with listing and read. If you have to read through the entire dir don't shy away. The more you read, more you will understand.

    3zCulprit

  • Thanks, I learned a lot!

  • Great box, nice and easy for a change, although I did get hung up overlooking some simple stuff here and there, and trying to automate my manual exploit process in the beginning with bash scripts.

  • Really fun box so far, maybe one of the first I've done with minimal hints, though I think I've managed to get it wrong both times! I've read both the user and root flag files but neither hashes are being accepted by htb; if anybody is able to chat through what I've done so far and tell me I'm being dumb, I'd really appreciate it!

  • edited September 9
    @CallumJ90
    Try resetting the box, might be because of HTB's dynamic flags

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • @3zculprit said:
    enum is more about just running tools. Don't run them, won't help you. Just use the "-a" with listing and read. If you have to read through the entire dir don't shy away. The more you read, more you will understand.

    A phenomenal hint. If you're still having trouble, refer to this.

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • rooted. thanks @ChefByzen for a nice box - the root part was very cool

  • Probably one of my favorite boxes to date. Really good logical flow and I'd agree with other posters that the difficulty advances as you progress through the box.

    My hint for root would be to read the other posts carefully and to echo a very recent post, ensure you utilize the -a when listing directories. Enum scripts will only get you so far.

    Feel free to DM for nudges and thank you @ChefByzen for the box!

    Harbard

  • Hey there, I need a nudge.
    I have a shell, and I have to find user1.
    I searched around and I found a lot of hashes, none of them is the right one I think because they're all uncrackable.
    Can someone help me?

  • Rooted!

    Straightforward but still has its own unique path/exploits, not encountered earlier.

    Hints:
    Initial Foothold: Google. Yes it's that simple but still a minor tweak.
    User 1: Enumerate everything. Each folder and each file inside.
    User 2: This is very simple. Check everything inside your home.
    Root: Again. Don't leave your home. Ur bus will take you to places you never imagined

    DM for any nudges
    thanks to @ChefByzen for such an awesome box

  • @Meise said:

    Hey there, I need a nudge.
    I have a shell, and I have to find user1.
    I searched around and I found a lot of hashes, none of them is the right one I think because they're all uncrackable.
    Can someone help me?

    Have you tried hashid? Are you sure they are "hashes" (i.e. are they fixed-length strings which is a good indication that something is hashed).

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited September 9

    @TazWake said:

    @Meise said:

    Hey there, I need a nudge.
    I have a shell, and I have to find user1.
    I searched around and I found a lot of hashes, none of them is the right one I think because they're all uncrackable.
    Can someone help me?

    Have you tried hashid? Are you sure they are "hashes" (i.e. are they fixed-length strings which is a good indication that something is hashed).

    yeah, they're all unknown hashes

  • @Meise said:

    yeah, they're all unknown hashes

    When you decode them, do you get anything more useful?

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/
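
The distinction drawn in the two replies above, between a fixed-length digest and a string that simply decodes, can be checked mechanically. This is an added example, not part of the original thread; the function names and sample strings are constructed for illustration, and the length table covers only a few common digest sizes.

```python
import base64
import binascii
import re

# Hex lengths (in characters) of a few common digest sizes; assumed, not exhaustive.
DIGEST_HEX_LENGTHS = {32: "MD5-sized", 40: "SHA-1-sized",
                      64: "SHA-256-sized", 128: "SHA-512-sized"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def try_base64(value):
    """Return decoded text if value is strict Base64 of printable UTF-8, else None."""
    if len(value) % 4 or not B64_RE.fullmatch(value):
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return text if text and text.isprintable() else None


def classify(value):
    """Label a string as a probable digest, a reversible encoding, or unknown."""
    value = value.strip()
    # Hex is tested first: a 32-character hex string is also valid Base64
    # alphabet, but its fixed length is the stronger signal.
    if HEX_RE.fullmatch(value) and len(value) in DIGEST_HEX_LENGTHS:
        return ("digest", DIGEST_HEX_LENGTHS[len(value)])
    decoded = try_base64(value)
    if decoded is not None:
        return ("encoded", decoded)
    return ("unknown", None)


# Constructed sample values, not taken from the box discussed in this thread.
SAMPLES = [
    "5d41402abc4b2a76b9719d911017c592",  # MD5 of "hello"
    "aGVsbG8gd29ybGQ=",                  # Base64 of "hello world"
    "not a hash at all",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

A string labelled "encoded" was never hashed, which is why a cracking tool gets nowhere with it.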

  • @TazWake said:
    @Meise said:

    yeah, they're all unknown hashes

    When you decode them, do you get anything more useful?

    mmh...
    I think c***.php is a bait, same the **.php files, and I think I didn't find anything useful on them
    thx a lot for the help anyway

  • @Meise said:

    mmh...
    I think c***.php is a bait, same the **.php files, and I think I didn't find anything useful on them
    thx a lot for the help anyway

    I'd double-check at least part of that assumption. Feel free to PM if you want to be more specific about which files you mean.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited September 9

    @ChefByzen said:

    @CallumJ90
    Try resetting the box, might be because of HTBs dynamic flags

    Thanks for the reply! Even after resets the website wouldn't take the flags, it was only through spawning my own release arena instance I was able to submit them (if anybody happens to have the same issue).
    Overall really great box, the most fun I've had so far!
