Official Passage Discussion

@3zculprit said:
enum is more about just running tools. Don’t run them, won’t help you. Just use the “-a” with listing and read. If you have to read through the entire dir don’t shy away. The more you read, more you will understand.
A phenominal hint. If you’re still having trouble, refer to this.

rooted. thanks @ChefByzen for a nice box - the root part was very cool

Probably one of my favorite boxes to date. Really good logical flow and I’d agree with other posters that the difficulty advances as you progress through the box.

My hint for root would be to read the other posts carefully and to echo a very recent post, ensure you utilize the -a when listing directories. Enum scripts will only get you so far.

Feel free to DM for nudges and thank you @ChefByzen for the box!

Hey there, i need a nudge.
I have a shell, and i have to find user1.
I searched around and i find a lot of hashes, none of them is the right one i think because they’re all uncrackable.
can someone help me?

Rooted!

Straight forward but still has its own unique path/ exploits, not encountered earlier.

Hints:
Initial Foothold: Google. Yes its that simple but still a minor tweak.
User 1: Enumerate everything. Each folder and each file inside.
User 2: This is very simple. check everything inside your home.
Root: Again. Don’t leave your home. Ur bus will take you to places you never imagined

DM for any nudges
thanks to @ChefByzen for such an awesome box

@Meise said:

Hey there, i need a nudge.
I have a shell, and i have to find user1.
I searched around and i find a lot of hashes, none of them is the right one i think because they’re all uncrackable.
can someone help me?

Have you tried hashid? Are you sure they are “hashes” (i.e. are they fixed-length strings which is a good indication that something is hashed).

Type your comment> @TazWake said:

@Meise said:

Hey there, i need a nudge.
I have a shell, and i have to find user1.
I searched around and i find a lot of hashes, none of them is the right one i think because they’re all uncrackable.
can someone help me?

Have you tried hashid? Are you sure they are “hashes” (i.e. are they fixed-length strings which is a good indication that something is hashed).

yeah, they’re all uknown hashes

@Meise said:

yeah, they’re all uknown hashes

When you decode them, do you get anything more useful?

@TazWake said:
@Meise said:

yeah, they’re all uknown hashes

When you decode them, do you get anything more useful?

mmh…
i think c***.php is a bait, same the **.php files, and i think i didnt find nothing usefull on them
thx a lot for the help anyway

@Meise said:

mmh…
i think c***.php is a bait, same the **.php files, and i think i didnt find nothing usefull on them
thx a lot for the help anyway

I’d double-check at least part of that assumption. Feel free to PM if you want to be more specific about which files you mean.

@ChefByzen said:

@CallumJ90
Try resetting the box, might be because of HTBs dynamic flags

Thanks for the reply! Even after resets the website wouldn’t take the flags, it was only through spawning my own release arena instance I was able to submit them (if anybody happens to have the same issue).
Overall really great box, the most fun I’ve had so far!

Rooted!

That’s the most awesome box art I’ve seen yet.

User hint:
Find the interesting file, then study how the encryption works.

User2 hint:
Find something that isn’t meant to be shared.

Root hint:
Take the hint from a hidden file.

DM if you need additional nudges.

Rooted. Fun box, nothing too wild. Feel free to pm for a nudge but make sure you tell me what you tried first.

Done. Root is quite hard as compared to the rest of the box… unusual method for sure. Make sure to check your command if you are getting errors, I’ve wasted hours because of a typo. Many thanks to @Hyp3rDrive for pointing it out.

Having an issue with the foothold for some reason… the shell I upload doesn’t want to accept commands. Can anyone help?

Edit: nvm stupid error in my code

Currently I’m stucked on root :neutral: any hint is appreciated :lol:
until now I really enjoyed the machine, one of my favourite.

Uh, I fell really dumb.
I’m looking for the interesting file to gain access to User 1.

I know what I should find in, I’m sure I missed it, but I can’t find it…
Spoiler Removed

Am I on the right path ?

Thanks !

Type your comment> @Sigerbjorn said:

Uh, I fell really dumb.
I’m looking for the interesting file to gain access to User 1.

I know what I should find in, I’m sure I missed it, but I can’t find it…

Am I on the right path ?

Thanks !

yes

@Shides said:

Currently I’m stucked on root :neutral: any hint is appreciated :lol:
until now I really enjoyed the machine, one of my favourite.

Enumerate. Look for something which has certain settings that you can use to your advantage.

Anyone else having an issue where the hash for p**l isn’t there? Am i just blind lol