Official Passage Discussion

1456810

Comments

  • P.S: I don't know some people are not relating the name of the machine with the process to get root. It totally makes sense to me. :smiley:

    Afterall it is even funny -:)
    However finding it was definitely not easy. A new thing for me.

    m4rc1n

  • edited September 15

    I think this was one of the fastest boxes I have ever rooted (a definite record for user for me). As always, learned new things from the box, especially regarding certain services. Many thanks to @ChefByzen for an entertaining box.

    So, here's my hints:

    INITIAL

    • First page will give you all you need to find a way in.
    • Process the info you get, it's not just for show.

    USER

    • Use the info you processed.

    USER 2

    • Some things you just shouldn't share if you want to keep people out.

    ROOT

    • Be responsible, stay at home, and dream of being able to take public transportation.

    Let me know if there are any spoilers and I'll remove them.

    As always, PM me here or on Discord. Don't forget to tell me your progress so I can avoid spoilers.

    Hack The Box
    Discord: AzAxIaL#8633

  • Rooted !
    I actually rooted it the first time because someone dropped a very sensitive file in /tmp, and I thought that was it... Stupid me, lol. Nonetheless, please clean up your workplace before leaving.
    A friend of mine told me that wasn't supposed to be the way, so I went back to try and see if I could do it without benefiting of someone else's carelessness.
    And I did ! For some reason it took me ages to get the command to work fine, but eventually I got root.
    Fun box, thanks @ChefByzen !

    Oh, and I agree that the name of the box is very related to the way you become root. Maybe it makes more sens in some languages than others ?

  • Fun box! recommended as the first box media to start
    Congrats @ChefByzen !

    Pm for nudges ;)

  • @crash0 said:
    Rooted.
    Whilst the foothold and the users were a good teaching, I think the root was a bit on the CTF side of things. After many enumeration scripts returning nothing, how on Earth should that path be visible?

    I was out of hairs when I tried something dumb and it resulted in a good privesc blog post, tbh.

    Congrats on rooting it!

    I'm glad you were able to learn something about manual enumeration and finding user files :) scripts don't have all the answers... And they'll likely get you caught if you're not careful with them.

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • Is anyone else having problems with the box always being down. Its been one complete day and I couldn't even perform a proper enumeration because the box is always down.

  • Really fun box, taught me to always go back to basics, never overlook them. PM me if you're stuck.

    PM for nudges, I'm almost available 24/7.

  • Type your comment> @blacViking said:
    > Is anyone else having problems with the box always being down. Its been one complete day and I couldn't even perform a proper enumeration because the box is always down.

    There is Fail2Ban implemented. If you bruteforce anything it will ban your IP for couple of minutes.

    sparrow1

  • Hi Guys,

    After getting in any hints for 1st user ?? Have stuck a bit..

    Hack The Box

  • @xxTMGxx said:

    Hi Guys,

    After getting in any hints for 1st user ?? Have stuck a bit..

    It really depends on where and why you are stuck. Visit in a browser, read the links, found out whats there, exploit it, get a shell.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Great and enjoyable machine. Get a shell is easy just Google it, first and second user took me some time to figure out the way and root password lot of searching and looking around. PM if you need some help.

  • Type your comment> @TazWake said:

    @xxTMGxx said:

    Hi Guys,

    After getting in any hints for 1st user ?? Have stuck a bit..

    It really depends on where and why you are stuck. Visit in a browser, read the links, found out whats there, exploit it, get a shell.

    Got shell and inside as www-data

    Hack The Box

  • @xxTMGxx said:

    Got shell and inside as www-data

    Ok to move from that account to the next one, you need to enumerate. Find something. Make it readable. Crack it. Use it.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited September 17

    Hi !
    I've easely got the user1 but im stuck on user2 i've seen that user2 leave something in the home of user1, but he ask me for.. what you know.
    Is there a part of guessing or am I missing something ?

    Thanks :)

  • Type your comment> @Worty said:

    Hi !
    I've easely got the user1 but im stuck on user2 i've seen that user2 leave something in the home of user1, but he ask me for.. what you know.
    Is there a part of guessing or am I missing something ?

    Thanks :)

    A joke I made elsewhere today is that a lot of this is guesswork, we just call it fuzzing/enumeration to sound better.

    It depends on what you mean by user1 and user2 in this context, to get a shell as root you may have gone through three "accounts" on the box (root being the fourth) but some people dont consider one of them a "user" so may skip it in their counting.

    What I would suggest is to enumerate. If you can describe what you find, you might find what you need.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    Type your comment> @Worty said:

    Hi !
    I've easely got the user1 but im stuck on user2 i've seen that user2 leave something in the home of user1, but he ask me for.. what you know.
    Is there a part of guessing or am I missing something ?

    Thanks :)

    A joke I made elsewhere today is that a lot of this is guesswork, we just call it fuzzing/enumeration to sound better.

    It depends on what you mean by user1 and user2 in this context, to get a shell as root you may have gone through three "accounts" on the box (root being the fourth) but some people dont consider one of them a "user" so may skip it in their counting.

    What I would suggest is to enumerate. If you can describe what you find, you might find what you need.

    By user1 i mean the user which contains in his home folder user.txt !

  • @Worty said:

    By user1 i mean the user which contains in his home folder user.txt !

    And other things. Have a look at them.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @Worty said:

    By user1 i mean the user which contains in his home folder user.txt !

    And other things. Have a look at them.

    And in this home i've seen something owned by user2 (n****) but when I try to switch to this user he ask me a kind of password ;) .

  • @Worty said:

    And in this home i've seen something owned by user2 (n****) but when I try to switch to this user he ask me a kind of password ;) .

    Its worth looking for a thing which will let you access without any kind of password.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited September 17

    Rooted the machine, it was a fun box. User and Root both were interesting
    Thanks @PapyrusTheGuru for the nudges.

    User1->User2:They both share the same way to get in
    For people on the root part, you just need to look at the other files too in the home.

    PM if you need help

  • And rooted. The foothold was one of the trickiest parts. I was so confused when i couldn't find the directory until I realized that capitalization is important.
    Thanks to @ChefByzen for the awesome box

    kneedeep

    Reality is often disappointing.

  • Rooted machine !

    I liked a lot this machine. For the users part it was very easy but the root part very difficult to find what ti is juice. I appreciate who nudge me to root, address me where to look in.

  • cant figure out the right binary for root!
    a little help guyz

  • just rooted this box, but the way I rooted it was more of guess work, does anyone care to PM me about how you got to know about this exploit. And someone in the discussion said that there are more then one way to get to root, anyone wants to discuss about it?

  • hey everyone ! I've been stuck on root for a long time and clues here don't really help me... Tried a bunch of stuff, enumerated a lot but I'm clearly missing something (but I'm a beginner)...

  • @Slowtech said:

    hey everyone ! I've been stuck on root for a long time and clues here don't really help me... Tried a bunch of stuff, enumerated a lot but I'm clearly missing something (but I'm a beginner)...

    When you enumerate, look at all the files you can find which would normally come up on a enum search. Check them out and see if any can be exploited. There is a good blog post on how to use it.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited September 21

    Rooted,
    Fun box :) - awesome work @ChefByzen
    Thank you @TazWake for the initial nudge :)

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Rooted !
    Thanks @TazWake and @ChefByzen for the nudge, I totally missed the file, thinking it was not supposed to be here...
    Really fun box, learned a lot on this one

  • Wonderful machine! Thanks @ChefByzen. Root was fantastic - I'm happy that I could study (and exploit) that vulnerability.

    OSCP | RHCE

  • Very Interesting and fun box .. First box on HTB that I did in one day :smiley:

    Initial Foothold :

    • Look through the website properly you will find clues
      User 1:

    • Result of initial foothold is sufficient enough to get you this user
      User 2:

    • Dig through all the files and you will find interesting stuff
      User 3:

    • Its just a call away..Keep your brain's window wide open
      Root:

    • So far the only trickiest thing in the whole box .. follow previous hints "Stay Home" the passage to other world goes underground.

    DM me for nudges . Lovely box

Sign In to comment.