Official Passage Discussion

@m1r3x said:

Stuck at root. Only seeing cups as a service to exploit, but can’t seem to find any article/exploit related to this version.

Usual enumeration and little bit of Googling with sensitive terms will give you a good article. :wink:

Do I have to crack the hash to get user?

@0xstain said:

Do I have to crack the hash to get user?

yes. crackstation is enough.

I’m so glad to see people have been enjoying the box so far!

I’ve seen some great nudges in this forum. I’m also open to feedback on the machine, so don’t be shy. PM me.

Here are my cryptic hints!:

  • Foothold: Bruteforce isn’t necessary, just be curious and google it.
  • User: Download your own copy and learn how it works. It will help you find the treasure!
  • Privesc: Look for rule-breakers! Sharing isn’t always caring.
  • Root: Stay close to home. Read a good book or write a novel! There’s plenty to do indoors.

Feel free to PM me for hints, tips, or nudges!

If you enjoyed the machine (or not), you can always leave a review & rating on the machines page.

Root!

@0xstain said:

Do I have to crack the hash to get user?

Hashcat may work with correct module mentioning. :slight_smile:

Rooted! Nice to have an easier box this week - thanks to @ChefByzen.

Rooted in the end after stepping over the clue a few times. Thanks @gs4l for the nudge. It’s a nice box @ChefByzen

Initial foothold : Google
User1 : Look around
User2 : Look around
root : Corona time, catch a bus and get back home; don’t come out #staysafe

Rooted :slight_smile:
If anyone needs a hint, PM

got the hash from co**.php but can’t crack it. Any nudges?

@maskop9 said:

Initial foothold : Google
User1 : Look around
User2 : Look around
root : Corona time, catch a bus and get back home; don’t come out #staysafe

Rooted, thanks to this comment.

Certainly on the easier side of medium boxes. The best part is that all the steps are quite logical with no guess work involved. Props to the creator @ChefByzen for that.

All the hints have already been given in this thread. But if you still need a nudge, feel free to pm.

@sparkla said:

@CarbonDPG said:
I’m not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.

Thanks for clarifying. Didn’t know that. How does it work? F2B works with “Jails” when banning failed logins, I never looked under the hood how it’s actually doing this.

Fundamentally, F2B is just a log parser. Create a new definition and scan for specific regex in the apache logs. Github link below to detect weblogins for example. Though in this case, you’re not scanning for POST requests in /login, you’re scanning for excessive POST or GET requests to any page. Add the new definition to the jail config, restart the F2B service and Bob’s your uncle.

Alternatively, tear apart Chef’s F2B config files once you’ve pwned the box. Found out how he’s implemented it himself, the more you know!

@LegendHacker said:
got the hash from co**.php but can’t crack it. Any nudges?

Wrong file, right area but search deeper.
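
The log-parser idea from the F2B reply above, as an added example that is not part of the original posts and is not Fail2ban's code or the box's configuration: a simplified Python model of a filter regex plus a sliding-window counter applied to Apache access-log lines. The names `LINE_RE` and `find_bans`, the thresholds and the sample log are assumptions made for illustration; `maxretry` and `findtime` mirror the jail options of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Stands in for a filter's failregex: match any GET/POST request line and capture
# the client address (Fail2ban uses a <HOST> tag; a named group replaces it here).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST) \S+ [^"]*" \d{3} '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"  # Apache combined-log timestamp

def find_bans(lines, maxretry=5, findtime=10):
    """Return {ip: time of ban} for clients with maxretry matches inside findtime seconds."""
    recent = defaultdict(deque)  # per-client timestamps still inside the window
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["host"] in banned:
            continue  # non-matching lines and already-banned clients are skipped
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        window = recent[m["host"]]
        window.append(ts)
        # Drop matches that have aged out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned[m["host"]] = ts
    return banned

def _line(ip, second, path, status):
    return f'{ip} - - [01/Jan/2024:12:00:{second:02d} +0000] "GET {path} HTTP/1.1" {status} 512'

# Constructed sample log: one client requests a new path every second,
# another loads the same page every 20 seconds.
SAMPLE_LOG = (
    [_line("203.0.113.7", s, f"/dir{s}/", 404) for s in range(8)]
    + [_line("198.51.100.4", s, "/index.php", 200) for s in (0, 20, 40)]
    + ["malformed line that the regex ignores"]
)

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

In a real deployment the regex lives in a filter definition and the thresholds in the jail config, and the ban itself is carried out by the jail's configured action rather than returned as a dictionary.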

Spoiler Removed

Initial foothold can be done without MSF. FYI

@solid5n4k3 said:

Initial foothold can be done without MSF. FYI

I couldn’t make the module work so did it manual way.

Spoiler Removed

Spoiler Removed

This was a really nice machine @ChefByzen thanks for your efforts! Feel free to get in touch if you’re stuck, I’ll try and nudge if you let me know what you’ve tried!