Official Passage Discussion

@sparkla said:

@CarbonDPG said:
I’m not the owner of the box (obviously), but F2B can be configured to detect (and ban) directory brute forcing.

Thanks for clarifying. Didn’t know that. How does it work? F2B works with “Jails” when banning failed logins, I never looked under the hood how it’s actually doing this.

Fundamentally, F2B is just a log parser. Create a new definition and scan for specific regex in the Apache logs. GitHub link below to detect web logins, for example. Though in this case, you’re not scanning for POST requests in /login, you’re scanning for excessive POST or GET requests to any page. Add the new definition to the jail config, restart the F2B service and Bob’s your uncle.

Alternatively, tear apart Chef’s F2B config files once you’ve pwned the box. Found out how he’s implemented it himself, the more you know!
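
Added example (not part of the original post, and not the box author's configuration): the log-parsing idea described above, sketched in Python as a sliding-window count of GET/POST requests per client IP. The parameter names mirror fail2ban's `maxretry` and `findtime` jail options; the function names, thresholds, IP addresses and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Start of an Apache access-log line: client IP, timestamp, GET or POST request.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST) \S+'
)


def find_bans(lines, maxretry=5, findtime=10):
    """Return {ip: time of ban} for hosts that make at least `maxretry`
    matching requests within `findtime` seconds (sliding window)."""
    window = timedelta(seconds=findtime)
    hits = defaultdict(deque)  # ip -> timestamps still inside the window
    bans = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["host"] in bans:
            continue  # not a GET/POST line, or host already banned
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = hits[m["host"]]
        q.append(ts)
        while ts - q[0] > window:  # drop hits older than findtime
            q.popleft()
        if len(q) >= maxretry:
            bans[m["host"]] = ts
    return bans


def _line(ip, sec, path, status):
    # Constructed sample line in Apache common log format.
    return (f'{ip} - - [10/Oct/2020:13:55:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 196')


# Constructed input: one client requesting six different paths in six seconds,
# another loading the same page three times over 45 seconds.
SAMPLE_LOG = sorted(
    [_line("203.0.113.7", s, "/" + p, 404)
     for s, p in enumerate(["admin", "backup", "old", "test", "dev", "tmp"])]
    + [_line("198.51.100.20", s, "/index.php", 200) for s in (1, 20, 45)],
    key=lambda l: l.split("[")[1],  # chronological order, as in a real log
)

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when.isoformat()}")
```

In fail2ban itself the regex lives in a filter definition and the thresholds in the jail; the counting logic above is what the service does with them.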

@LegendHacker said:
Got the hash from co**.php but can’t crack it. Any nudges?

Wrong file, right area but search deeper.


Initial foothold can be done without MSF. FYI

@solid5n4k3 said:

Initial foothold can be done without MSF. FYI

I couldn’t make the module work so did it the manual way.


This was a really nice machine @ChefByzen thanks for your efforts! Feel free to get in touch if you’re stuck, I’ll try and nudge if you let me know what you’ve tried!

Got user 2 but stuck now! Found ib… but what do I need to do?

Nice machine.
Foothold is pure fun. I wasted A LOT of time getting a grip on it only because of my dumb reluctance to consider upper and lower case… But once you get it, it’s a snap.
User1: you are a few slashes from the goldmine.
User2: Yes, it is that easy!
Root: I admit I just took the lazy way to get the flag. But once you are able to do that, getting a root shell is trivial…

Rooted. Very nice machine.
IMHO in some points it is more “easy” than “medium”.
PM me if you need hints.
@ChefByzen: thanks for this box :smile:

Got second user, I’m pretty sure I’m home where I need to be. I’m having trouble with my keys and my rings. Solved a problem by including a dash and a cross, but now I just get no answer. How can I “display” what I want ? How do I catch the bus ?

@Raekh said:

Got second user, I’m pretty sure I’m home where I need to be. I’m having trouble with my keys and my rings. Solved a problem by including a dash and a cross, but now I just get no answer. How can I “display” what I want ? How do I catch the bus ?

look in google maybe u need add a “-” in your search

@exord26 said:

@Raekh said:

Got second user, I’m pretty sure I’m home where I need to be. I’m having trouble with my keys and my rings. Solved a problem by including a dash and a cross, but now I just get no answer. How can I “display” what I want ? How do I catch the bus ?

look in google maybe u need add a “-” in your search

I’ve been doing nothing but that for the past 4 hours and I tried a lot of options with dashes

@Raekh said:

@exord26 said:

@Raekh said:

Got second user, I’m pretty sure I’m home where I need to be. I’m having trouble with my keys and my rings. Solved a problem by including a dash and a cross, but now I just get no answer. How can I “display” what I want ? How do I catch the bus ?

look in google maybe u need add a “-” in your search

I’ve been doing nothing but that for the past 4 hours and I tried a lot of options with dashes

Google for the article on catching the bus. You can’t get much closer than @extincted’s hint.

Look for files edited say in an editor. Google suspicious filename and you will end up with an article (and likely you will see other similarities to this very machine).


I don’t get it. There are two buses. Are they conflicting with each other ? One doesn’t seem to do anything and the other one doesn’t even start. I’m completely lost.

Nice box. I had a tough time seeing what was in front of me for root. I had just not seen that before and for some reason my enumeration of processes did not turn up the vector. The clue about looking at what an editor has accessed is a really good clue. Once you have that info, the Google exercise is very straightforward. I really enjoyed the foothold/user 1 enumeration.

#whoami&&id&&hostname
root
uid=0(root) gid=0(root) groups=0(root)
passage


Everyone’s hints were awesome. Thanks all. Thanks @ChefByzen for the box.

My root hint: Don’t bank on the escalation scripts on your thumb drive. You will very likely have to Google for it. I know I had to.
