Official Passage Discussion

145679

Comments

  • got both users fast but stuck on root for several days... cant find anything interesting in home directory :( my thoughts were that i can do smthing with .X**** file but i still cant find decision. can anyone help me please to take me in right way? PM or here.
    thank you! :)

    he110w0r1d

  • @he110w0r1d said:

    got both users fast but stuck on root for several days... cant find anything interesting in home directory :( my thoughts were that i can do smthing with .X**** file but i still cant find decision. can anyone help me please to take me in right way? PM or here.
    thank you! :)

    The best non-spoiler I can come up with is:

    https://forum.hackthebox.eu/discussion/comment/83584/#Comment_83584

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @TazWake said:

    @he110w0r1d said:

    got both users fast but stuck on root for several days... cant find anything interesting in home directory :( my thoughts were that i can do smthing with .X**** file but i still cant find decision. can anyone help me please to take me in right way? PM or here.
    thank you! :)

    The best non-spoiler I can come up with is:

    https://forum.hackthebox.eu/discussion/comment/83584/#Comment_83584

    Thank you, @TazWake ! Checked everything again line by line and found a solution.
    Nice and funny machine.

    he110w0r1d

  • edited September 23

    DONE! What a box!

    [email protected]:~# pwd && id
    /root
    uid=0(root) gid=0(root) groups=0(root)

    Hack The Box
    CISSP | eJPT

  • edited September 23

    To those who stuck on root - you can be sure you're on the right way staying home, and also don't forget to watch for processes running by root. I hope it's not much of a spoiler. If you cannot find any interesting file inside home, read all the files again and again, you'll finally get what you need. pspy might help you connect some dots together, and direct you to the correct path. And the last - always take it easy, don't get frustrated.

    Have fun from process, not result.

  • Type your comment> @carbide said:

    To those who stuck on root - you can be sure you're on the right way staying home, and also don't forget to watch for processes running by root. Pspy might help you.

    This is wrong/unintended. Try the same after resetting the machine. You can't see what you saw already in 'ps' and 'pspy' will not connects the dots together. This happens when you doing the machine which is already compromised by someone and left it in broken state. Make sure to reset it and try again. :)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • edited September 23

    Type your comment> @gunroot said:

    Type your comment> @carbide said:

    To those who stuck on root - you can be sure you're on the right way staying home, and also don't forget to watch for processes running by root. Pspy might help you.

    You can't see what you saw already in 'ps' and 'pspy' will not connects the dots together.

    Actually I saw that thing everytime I ran pspy, and I ran it many times to be honest, as I spent 1.5 days working on the machine. I was just unable to notice it, or maybe I was, but even the idea of it being the way to go seemed idiotic to me.

    Reading hints here not only doesn't help one, it implicitly makes it even worse for the following reasons: these hints are confusing, non-making any sense, make you question your current direction and, finally, your own skills. There's only one percent of 1% who really bother to provide useful hints and not leave a spoiler (pretty hard) to those who really need help and are stuck, the rest just bother to show everyone they haxed the machine, that they have skills or something like that.

    So, I strongly recommend always follow yours own intuition, and if you need a hint, you can just DM someone and ask them to give you a clear hint, as hints that are meant to be useful and not spoiling at the same time are very confusing, and unlikely are to help.

  • @carbide don't take it deep. I'm also pwned this machine exactly the same way you did. For a clarification, I asked the Machine Creator if this is the way or not. He said that my way is an unintended method. So I again did the root part after resetting in the intended way.

    Moreover, people can't give a direct hint here as it will be flagged as spoiler. All they can do is providing a blurry pointer to us.

    Let's discuss about this one. ;)

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Anyone able to help with root?

  • @wooly13 said:

    Anyone able to help with root?

    Yes

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Type your comment> @wooly13 said:
    > Anyone able to help with root?

    Yes, if you mention where you're stuck.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • rooted finally, very funny box ^_^

  • edited September 26

    Spoiler Removed

  • @chiefgreek said:

    can see how root is obtained with the command but need user 2 creds even with sudo - been thru the man page

    Then you've got something wrong. You don't need sudo for this.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • Just rooted Passage, nice machine! I really enjoyed this one. Many thanks, @ChefByzen for creating this machine. For every part from the user to root, please read every file carefully!

    If you've been stuck an need a nudge, please DM

    t13nn3s
    You can find write-ups and walkthroughs on my personal blog: https://binsec.nl

  • Rooted. Message for help

  • edited October 1

    any nudge for user1? , i have like 5 hashes i cant crack any of them

    UPDATE: gotcha

  • i am in p*ul directory but when i try to pass the user.txt (flag for user) htb says incorrect flag..?anyone know why this happening

  • @xenofon said:
    i am in p*ul directory but when i try to pass the user.txt (flag for user) htb says incorrect flag..?anyone know why this happening

    ok its done ,sorry

  • any nudge for root?

  • edited October 2

    for rooting there are multiple boxes that you can do the technique i used,just remember to enumerate maybe are hidden files...and spy

  • Rooted, the hardest part for me was getting the first user after the foothold. After that it went really quick. I feel like I just had some lucky intuition today though. Very fun box.

  • Type your comment> @ml19 said:

    Initial foothold took me longer than it should have taken, simply following the information given.
    User1, was on right piece but ignored it first
    User2, facepalm
    root, once knowing where to look for, easy to find the right way

    i felt the facepalm thing

  • Thanks for this nice box, it was straightforward except for root.

    I think exploiting the vuln described in the blog post would be more interesting if applied to a different case. I mean a case for which you can't just copy paste what's on the blog. Would be a harder box though.

    Would be nice if you guys can DM the way you "weaponized" the vuln for root, I am interested in ways different than what I did.

  • Got root with a little nudge from @TazWake.

    This is a very nice machine imho. Also here are very good hints, so no need for me to say anything.

    Feel free to message me if you want a little nudge.

  • Finally root!! great box! thank you @ChefByzen took me tons of hours on this one :smiley:

    [email protected]:~# hostname && id
    passage
    uid=0(root) gid=0(root) groups=0(root)

    Initial= zoom in then google. :wink:
    User1 = find that user!
    User2 = you shouldn't be sharing this
    Root = know your rights and remember, there's no place like home.

    I'd like to thank my wife for the motivational death stares. Time to sleep! :smiley:

  • Type your comment> @bigoteman said:

    > I'd like to thank my wife for the motivational death stares. Time to sleep! :smiley:

    It's beautiful. ❤️

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Just rooted this box! It's rated as a medium, but I quickly got the foothold and first user so I thought it was just an easy.

    At that point, my enumeration and my instincts told me I need to pivot to another user that I found to get to root. That pivot slowed me down and then a good hint helped me get to user 2. I'm ashamed I overlooked that. SMH.

    From there, the escalation to root is what made this box a medium.

    DM if you need a nudge.

    zalpha
    OSCP | CISSP | CSSLP

    Respect always welcome if I can help you: https://www.hackthebox.eu/home/users/profile/140630

  • Anyone else have problems submitting flags for this box? Mine aren't being accepted...

Sign In to comment.