Official Passage Discussion


Comments

  • If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

    lebutter
    eCPPT | OSCP

  • @TazWake I guess I know what you mean. I probably just compare too much. Like if I were to compare this to SneakyMailer, which had really long and fairly 'new' or 'unique' steps required to get to user, this seems like a piece of cake.
    I usually find the user rated difficulty ratings to be far more accurate than the official ratings.

    AviusX

  • If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

    xD yeah this is right. I dunno, this is why HTB is getting a reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

    If I helped you, I would love it if you could +rep me on my HTB profile.
    Somehow OSCP

    Also I will reply quicker on Discord. Hit me up Fr0sty 9#9550

  • @AviusX said:

    @TazWake I guess I know what you mean. I probably just compare too much. Like if I were to compare this to SneakyMailer, which had really long and fairly 'new' or 'unique' steps required to get to user, this seems like a piece of cake.
    I usually find the user rated difficulty ratings to be far more accurate than the official ratings.

    Yeah - that can be better but only when you get a lot of ratings. There are people who rate insane boxes a 1 and I've no idea why...

    You can also use things like the number of user/root owns. If it is <30 after more than two months (Rope Two) you know it is stupidly hard. If it is > 1000 in the first week, it is probably fairly straightforward (not necessarily easy).

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • @Fr0sty9 said:

    xD yeah this is right. I dunno, this is why HTB is getting a reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

    There are always phases as it takes about six months for a box to be released. That means if everyone today tried to make them easier, in six months we'd say "they are too easy" and everyone would make harder boxes etc.

    I do think there should be at least some active boxes a brand new skiddie can progress (it's been a while since something like Blue has been released).

    For me - this box was well rated at medium.

    TazWake


  • @Fr0sty9 said:

    If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

    xD yeah this is right. I dunno, this is why HTB is getting a reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

    It's funny that you say that, because I think about this regularly when people are asking about how the OSCP exam boxes compare to HTB boxes. I felt my OSCP exam boxes were all WAY easier than the latest easy boxes on HTB. Like I had 90/100 points in 10 hours on my OSCP exam.

    Then again, some people say the OSCP boxes are like mediums on here, so I guess it is half personal opinion and luck.


  • Yeah - that can be better but only when you get a lot of ratings. There are people who rate insane boxes a 1 and I've no idea why...

    @TazWake Are you talking about the guy who rated RopeTwo a 1? I laughed my ass off at that lmao. Probably just did it for the memes. But yeah I understand what you mean.

    You always need a large sample size for statistics like this to be more precise. For example I find that even hard machines are rated fairly easy according to user ratings when they're released. It's probably because the people who attempt hard boxes at release are usually more experienced/confident and find them easier. As the number of solves grows, the rating reflects the actual difficulty according to the average user better.

    AviusX

  • @pizzapower said:

    @Fr0sty9 said:

    If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

    xD yeah this is right. I dunno, this is why HTB is getting a reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

    It's funny that you say that, because I think about this regularly when people are asking about how the OSCP exam boxes compare to HTB boxes. I felt my OSCP exam boxes were all WAY easier than the latest easy boxes on HTB. Like I had 90/100 points in 10 hours on my OSCP exam.

    Then again, some people say the OSCP boxes are like mediums on here, so I guess it is half personal opinion and luck.

    OSCP is a lot more about enumeration and a pathway to exploiting something. Rather than some random CTF where you gotta exploit something and you only find it by desperately checking everywhere.

    If I helped you, I would love it if you could +rep me on my HTB profile.
    Somehow OSCP

    Also I will reply quicker on Discord. Hit me up Fr0sty 9#9550

  • Yes, the difficulty of HTB boxes is, on average, going upwards, because the sample of people rating them are practicing more and completing more boxes. Surely, as an HTB participant, something I found medium 12 months ago, would probably seem much easier now; and most of us behave that way. For newcomers it must be harder.

    lebutter
    eCPPT | OSCP

  • Wow!!! I would not want anyone to smash their keyboard/monitors etc. when they pivot from user1 -> user2. For root, all the covid 19 crap is just telling you that enum is more about just running tools. Don't run them, won't help you. Just use the "-a" with listing and read. If you have to read through the entire dir don't shy away. The more you read, more you will understand.

    3zCulprit

  • Thanks, I learned a lot!

  • Great box, nice and easy for a change, although I did get hung up overlooking some simple stuff here and there, and trying to automate my manual exploit process in the beginning with bash scripts.

  • Really fun box so far, maybe one of the first I've done with minimal hints, though I think I've managed to get it wrong both times! I've read both the user and root flag files but neither hash is being accepted by htb; if anybody is able to chat through what I've done so far and tell me I'm being dumb, I'd really appreciate it!

  • edited September 2020
    @CallumJ90
    Try resetting the box, might be because of HTB's dynamic flags

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

  • @3zculprit said:
    enum is more about just running tools. Don't run them, won't help you. Just use the "-a" with listing and read. If you have to read through the entire dir don't shy away. The more you read, more you will understand.

    A phenomenal hint. If you're still having trouble, refer to this.

    ChefByzen

  • rooted. thanks @ChefByzen for a nice box - the root part was very cool

  • Probably one of my favorite boxes to date. Really good logical flow and I'd agree with other posters that the difficulty advances as you progress through the box.

    My hint for root would be to read the other posts carefully and to echo a very recent post, ensure you utilize the -a when listing directories. Enum scripts will only get you so far.

    Feel free to DM for nudges and thank you @ChefByzen for the box!

    Harbard

  • Hey there, i need a nudge.
    I have a shell, and i have to find user1.
    I searched around and i find a lot of hashes, none of them is the right one i think because they're all uncrackable.
    can someone help me?

  • Rooted!

    Straightforward but still has its own unique path/exploits, not encountered earlier.

    Hints:
    Initial Foothold: Google. Yes it's that simple but still a minor tweak.
    User 1: Enumerate everything. Each folder and each file inside.
    User 2: This is very simple. Check everything inside your home.
    Root: Again. Don't leave your home. Ur bus will take you to places you never imagined

    DM for any nudges
    thanks to @ChefByzen for such an awesome box

  • @Meise said:

    Hey there, i need a nudge.
    I have a shell, and i have to find user1.
    I searched around and i find a lot of hashes, none of them is the right one i think because they're all uncrackable.
    can someone help me?

    Have you tried hashid? Are you sure they are "hashes" (i.e. are they fixed-length strings which is a good indication that something is hashed).

    TazWake


  • edited September 2020

    @TazWake said:

    @Meise said:

    Hey there, i need a nudge.
    I have a shell, and i have to find user1.
    I searched around and i find a lot of hashes, none of them is the right one i think because they're all uncrackable.
    can someone help me?

    Have you tried hashid? Are you sure they are "hashes" (i.e. are they fixed-length strings which is a good indication that something is hashed).

    yeah, they're all unknown hashes

  • @Meise said:

    yeah, they're all unknown hashes

    When you decode them, do you get anything more useful?

    TazWake


  • @TazWake said:
    @Meise said:

    yeah, they're all unknown hashes

    When you decode them, do you get anything more useful?

    mmh...
    i think c***.php is a bait, same the **.php files, and i think i didn't find nothing useful on them
    thx a lot for the help anyway

  • @Meise said:

    mmh...
    i think c***.php is a bait, same the **.php files, and i think i didn't find nothing useful on them
    thx a lot for the help anyway

    I'd double-check at least part of that assumption. Feel free to PM if you want to be more specific about which files you mean.

    TazWake


  • edited September 2020

    @ChefByzen said:

    @CallumJ90
    Try resetting the box, might be because of HTB's dynamic flags

    Thanks for the reply! Even after resets the website wouldn't take the flags, it was only through spawning my own release arena instance I was able to submit them (if anybody happens to have the same issue).
    Overall really great box, the most fun I've had so far!

  • edited September 2020

    Rooted!

    That's the most awesome box art I've seen yet.

    User hint:
    Find the interesting file, then study how the encryption works.

    User2 hint:
    Find something that isn't meant to be shared.

    Root hint:
    Take the hint from a hidden file.

    DM if you need additional nudges.

  • Rooted. Fun box, nothing too wild. Feel free to pm for a nudge but make sure you tell me what you tried first.


  • Done. Root is quite hard as compared to the rest of the box... unusual method for sure. Make sure to check your command if you are getting errors, I've wasted hours because of a typo. Many thanks to @Hyp3rDrive for pointing it out.

  • edited September 2020

    Having an issue with the foothold for some reason... the shell I upload doesn't want to accept commands. Can anyone help?

    Edit: nvm stupid error in my code

    LMAY75
    Always happy to help, DM me if you need anything!

  • Currently I'm stuck on root :neutral: any hint is appreciated :lol:
    until now I really enjoyed the machine, one of my favourites.
