Official Passage Discussion

145791012

Comments

  • Type your comment> @TazWake said:

    @MillyBilligan said:

    Hey guys! I need a hint. So i have a ww-dta shell, got decrypted creds to ************* but i can't drop to theirs accounts because w**-d*ta shell don't take input, like su and ssh requires a key file. I should enumerate next too?

    Have you tried getting a better shell?

    Yea, i tried to upgrade shell but nothing...I should search a file on machine that can help me?

  • @MillyBilligan said:

    Yea, i tried to upgrade shell but nothing...I should search a file on machine that can help me?

    It might be better to try and work out why the upgrade isn't working. I dont think there is anything else on the machine which would be useful.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • I've got both user but now I am stuck at root. I've found the relevant article but I am not sure what to do after it, as far as I understand the exploit helps make r*** owned files, but I am not sure how I should be using it (considering the fact that I've logged as User2 but I don't have the password so I can't use sudo either).

    A nudge would be much appreciated.

  • Type your comment> @0xR3tr0z said:

    I've got both user but now I am stuck at root. I've found the relevant article but I am not sure what to do after it, as far as I understand the exploit helps make r*** owned files, but I am not sure how I should be using it (considering the fact that I've logged as User2 but I don't have the password so I can't use sudo either).

    A nudge would be much appreciated.

    You don't need to use sudo, just stay at home make sure to liste all files, you will see something interesting !

    Why 50 53R10U5

  • STOP RESETTING THE MACHINE.
    THE RESET BUTTON IT'S NOT A "PRESS ME I'M A FUNNY BUTTON"

  • Type your comment> @PinguBlasfemo said:
    > STOP RESETTING THE MACHINE.
    > THE RESET BUTTON IT'S NOT A "PRESS ME I'M A FUNNY BUTTON"

    Check the shoutbox to cancel unnecessary resets in your VPN pool.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • Type your comment> @TazWake said:

    @Shides said:

    Currently I'm stucked on root :neutral: any hint is appreciated :lol:
    until now I really enjoyed the machine, one of my favourite.

    Enumerate. Look for something which has certain settings that you can use to your advantage.

    Finally rooted!

    Thank you for your reply man.

    (AFAIC, I think that hints like "stay home" are confusing)

  • Type your comment> @0xR3tr0z said:

    I've got both user but now I am stuck at root. I've found the relevant article but I am not sure what to do after it, as far as I understand the exploit helps make r*** owned files, but I am not sure how I should be using it (considering the fact that I've logged as User2 but I don't have the password so I can't use sudo either).

    A nudge would be much appreciated.

    Read the exploit docs, think of how else it can be used. Get creative, there are at least 3 ways to do it.

    LMAY75
    Always happy to help, DM me if you need anything!
    Link to Profile

  • Spoiler Removed

  • I do not understand why some people paste shadow, passwd, and root.txt file in low-priv user. Please do not spoil this great platform and the learning of other users.

  • I don't understand why people reference rockyou the way they have above? its standard knowledge that if cracking is required, they will generally fall in rockyou or other publicly avail password lists..
    Same goes for starring out part of www-data and other very easily enumerated users on boxes

  • really stuck on user 2 , saw people talking about staying at home, but the only interesting file I found in home is .ICE******. I tried all the strings that looked like passwords but none worked. Anybody got a hint?

  • Curious of what spoiler I posted?
  • edited September 2020

    Just completed. Route through users was quite typical and straightforward, however root was really quite new for me. Without hints from forum routing would be rather difficult. Another subject to a deeper study. Really nice box!

    m4rc1n

  • Rooted this box. But i got some question to people who have found the vulnerability for the rootpart by themselves. Can someone PM me ?

    Jugulairel

  • @astrozombie said:

    Curious of what spoiler I posted?

    I've no idea and people do report things for varied reasons. If you mentioned a CVE number or specific exploit it is likely to be reported.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • edited September 2020
    Type your comment> @TazWake said:
    > @astrozombie said:
    >
    > (Quote)
    > I've no idea and people do report things for varied reasons. If you mentioned a CVE number or specific exploit it is likely to be reported.

    Thanks for the reply. I didn’t have anything like that but wanted to ensure I’m not breaking any rules here inadvertently. I try to keep it pretty vague with any hints.

    Cheers
  • Type your comment> @TazWake said:

    > But there's a lot of data to work through. Unfortunately, this is realistic - you might do a pentest and land on a box which has 30 user's documents and you have to go through terabytes of tedious stuff to see if they've left credentials out.
    >

    Not only is this a fair hint, it is an absolute must for a solid PenTest methodology. Thank you @Tazwake

    In an attempt to follow the guidance with my own hint: as you progress to each user, pretend you are home shopping, look in every corner.

    Great work @ChefByzen for this box.
  • Rooted! I really enjoyed this one, a much needed linux box after tearing my hair out on a couple windows boxes.
    PM for nudges

  • edited September 2020

    Rooted.
    Whilst the foothold and the users were a good teaching, I think the root was a bit on the CTF side of things. After many enumeration scripts returning nothing, how on Earth should that path be visible?

    I was out of hairs when I tried something dumb and it resulted in a good privesc blog post, tbh.

  • Rooted.
    Very interesting machine! Thanks @ChefByzen for your work. Also thanks for @thegingerninja, @TazWake and @gunroot for hints :3

  • edited September 2020

    I'm totally stuck on getting root. I got user 2, saw something interesting on .v****** but I can't get how to exploit it! Any hint will be highly appreciated!

    Nevermind, just rooted it :smiley:

    PM me if you need a hint!

  • @mindframe said:

    I'm totally stuck on getting root. I got user 2, saw something interesting on .v****** but I can't get how to exploit it! Any hint will be highly appreciated!

    I dont know about that. My path was to enumerate, find something which allowed me do something as someone else, then I found a write up on how to use it to do something which wrote something to a place where I could use them to get priv access..

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.

  • Cool box, nice flow with interesting method of obtaining root, PM me if you need a nudge.

    LordImhotep
  • Just got root. Thanks @ChefByzen for this great box! Definitely learned something from it.

    • Foothold: basic enumeration should lead you to what you need.
    • First user: depending on how you got foothold, the information you need is literally in front of you.
    • Second user: trust is a double-edged sword.
    • Root: this is where I got stuck for a few hours but really enjoyed after all. The tips were already given by other users.

    P.S: I don't know some people are not relating the name of the machine with the process to get root. It totally makes sense to me. :smiley:


    Feel free to send me a DM if you need some help. Just remember to tell me what you have already done so I don't spoil anything.

  • P.S: I don't know some people are not relating the name of the machine with the process to get root. It totally makes sense to me. :smiley:

    Afterall it is even funny -:)
    However finding it was definitely not easy. A new thing for me.

    m4rc1n

  • edited September 2020

    I think this was one of the fastest boxes I have ever rooted (a definite record for user for me). As always, learned new things from the box, especially regarding certain services. Many thanks to @ChefByzen for an entertaining box.

    So, here's my hints:

    INITIAL

    • First page will give you all you need to find a way in.
    • Process the info you get, it's not just for show.

    USER

    • Use the info you processed.

    USER 2

    • Some things you just shouldn't share if you want to keep people out.

    ROOT

    • Be responsible, stay at home, and dream of being able to take public transportation.

    Let me know if there are any spoilers and I'll remove them.

    As always, PM me here or on Discord. Don't forget to tell me your progress so I can avoid spoilers.

    Hack The Box
    Discord: AzAxIaL#8633

  • Rooted !
    I actually rooted it the first time because someone dropped a very sensitive file in /tmp, and I thought that was it... Stupid me, lol. Nonetheless, please clean up your workplace before leaving.
    A friend of mine told me that wasn't supposed to be the way, so I went back to try and see if I could do it without benefiting of someone else's carelessness.
    And I did ! For some reason it took me ages to get the command to work fine, but eventually I got root.
    Fun box, thanks @ChefByzen !

    Oh, and I agree that the name of the box is very related to the way you become root. Maybe it makes more sens in some languages than others ?

  • Fun box! recommended as the first box media to start
    Congrats @ChefByzen !

    Pm for nudges ;)

  • @crash0 said:
    Rooted.
    Whilst the foothold and the users were a good teaching, I think the root was a bit on the CTF side of things. After many enumeration scripts returning nothing, how on Earth should that path be visible?

    I was out of hairs when I tried something dumb and it resulted in a good privesc blog post, tbh.

    Congrats on rooting it!

    I'm glad you were able to learn something about manual enumeration and finding user files :) scripts don't have all the answers... And they'll likely get you caught if you're not careful with them.

    ChefByzen
    If I helped you out at all, feel free to click my badge and give +1 respect!

Sign In to comment.