Official Passage Discussion

@TazWake said:
@Meise said:

yeah, they’re all unknown hashes

When you decode them, do you get anything more useful?

mmh…
I think c***.php is a bait, same the **.php files, and I think I didn’t find anything useful on them
thx a lot for the help anyway

@Meise said:

mmh…
I think c***.php is a bait, same the **.php files, and I think I didn’t find anything useful on them
thx a lot for the help anyway

I’d double-check at least part of that assumption. Feel free to PM if you want to be more specific about which files you mean.

@ChefByzen said:

@CallumJ90
Try resetting the box, might be because of HTB’s dynamic flags

Thanks for the reply! Even after resets the website wouldn’t take the flags, it was only through spawning my own release arena instance I was able to submit them (if anybody happens to have the same issue).
Overall really great box, the most fun I’ve had so far!

Rooted!

That’s the most awesome box art I’ve seen yet.

User hint:
Find the interesting file, then study how the encryption works.

User2 hint:
Find something that isn’t meant to be shared.

Root hint:
Take the hint from a hidden file.

DM if you need additional nudges.

Rooted. Fun box, nothing too wild. Feel free to pm for a nudge but make sure you tell me what you tried first.

Done. Root is quite hard as compared to the rest of the box… unusual method for sure. Make sure to check your command if you are getting errors, I’ve wasted hours because of a typo. Many thanks to @Hyp3rDrive for pointing it out.

Having an issue with the foothold for some reason… the shell I upload doesn’t want to accept commands. Can anyone help?

Edit: nvm stupid error in my code

Currently I’m stuck on root :neutral: any hint is appreciated :lol:
Until now I really enjoyed the machine, one of my favourites.

Uh, I feel really dumb.
I’m looking for the interesting file to gain access to User 1.

I know what I should find in, I’m sure I missed it, but I can’t find it…
Spoiler Removed

Am I on the right path ?

Thanks !

@Sigerbjorn said:

Uh, I feel really dumb.
I’m looking for the interesting file to gain access to User 1.

I know what I should find in, I’m sure I missed it, but I can’t find it…

Am I on the right path ?

Thanks !

yes

@Shides said:

Currently I’m stuck on root :neutral: any hint is appreciated :lol:
Until now I really enjoyed the machine, one of my favourites.

Enumerate. Look for something which has certain settings that you can use to your advantage.

Anyone else having an issue where the hash for p**l isn’t there? Am I just blind lol

@LMAY75 said:

Anyone else having an issue where the hash for p**l isn’t there? Am I just blind lol

Double-check to make sure it isn’t there. Be sure what you are looking for.

@LMAY75 said:

Anyone else having an issue where the hash for p**l isn’t there? Am I just blind lol

I was a lazy guy and I missed it twice while reading the file. When you have a lot of text in front of you, look carefully, understand what you are looking. It helps a lot :smiley:

Rooted !

That was a cool ride.
I overwhelmed the Foothold and the User !
Once those two passed, it was pretty easy and straightforward.

DM me if you need a nudge.

I posted my views on this on the cyber badger and HTB official discords… Good box @ChefByzen … some of it felt a little too CTFy to me but then of course that is the way life works sometimes.

Foothold - some googling will land you at a starting point, some digging will land you at a method to gain access to a low-priv shell. [Pre-made works, but you won’t learn from it. Use premade afterwards!]
User - Look at what is available to you with your low-priv shell. Search for juicy files that could net you loot. Trust me, you haven’t looked hard enough yet if you are stuck here. It’s all available for you.
Privesc - Pay attention to what you have access to. Attention to detail will get you moving forward.
Root - more enumeration and google-fu will land you an article, read up and execute for your soon to be root shell

root@passage:~# id
uid=0(root) gid=0(root) groups=0(root)

Shoutout to @TazWake for the help

I’m curious about the priv esc, what other commands can be run through there/how else can I use it? PM me if you know more about it.

rooted!

Initial foothold was easy and user makes sense if you look right in front of your nose and think whether admins reuse same things for multiple people. I had a pretty good idea with how to get root but trying to understand the service and its syntax took me a bit.

Fun box nonetheless.
Send me a PM if you need help or nudges.

Got my first user.txt without looking at any hints here, pretty happy :), maybe I got lucky.

Working on root now !

@Xalfy said:

Got my first user.txt without looking at any hints here, pretty happy :), maybe I got lucky.

Nice. Good luck on root.