Official Passage Discussion

I’m totally stuck on getting root. I got user 2, saw something interesting on .v****** but I can’t get how to exploit it! Any hint will be highly appreciated!

Never mind, just rooted it :smiley:

PM me if you need a hint!

@mindframe said:

I’m totally stuck on getting root. I got user 2, saw something interesting on .v****** but I can’t get how to exploit it! Any hint will be highly appreciated!

I don’t know about that. My path was to enumerate, find something which allowed me to do something as someone else, then I found a write-up on how to use it to do something which wrote something to a place where I could use them to get priv access…

Cool box, nice flow with interesting method of obtaining root, PM me if you need a nudge.

Just got root. Thanks @ChefByzen for this great box! Definitely learned something from it.

  • Foothold: basic enumeration should lead you to what you need.
  • First user: depending on how you got foothold, the information you need is literally in front of you.
  • Second user: trust is a double-edged sword.
  • Root: this is where I got stuck for a few hours but really enjoyed after all. The tips were already given by other users.

P.S: I don’t know some people are not relating the name of the machine with the process to get root. It totally makes sense to me. :smiley:

P.S: I don’t know some people are not relating the name of the machine with the process to get root. It totally makes sense to me. :smiley:

After all, it is even funny :slight_smile:
However finding it was definitely not easy. A new thing for me.

I think this was one of the fastest boxes I have ever rooted (a definite record for user for me). As always, learned new things from the box, especially regarding certain services. Many thanks to @ChefByzen for an entertaining box.

So, here’s my hints:

INITIAL

  • First page will give you all you need to find a way in.
  • Process the info you get, it’s not just for show.

USER

  • Use the info you processed.

USER 2

  • Some things you just shouldn’t share if you want to keep people out.

ROOT

  • Be responsible, stay at home, and dream of being able to take public transportation.

Let me know if there are any spoilers and I’ll remove them.

As always, PM me here or on Discord. Don’t forget to tell me your progress so I can avoid spoilers.

Rooted !
I actually rooted it the first time because someone dropped a very sensitive file in /tmp, and I thought that was it… Stupid me, lol. Nonetheless, please clean up your workplace before leaving.
A friend of mine told me that wasn’t supposed to be the way, so I went back to try and see if I could do it without benefiting from someone else’s carelessness.
And I did ! For some reason it took me ages to get the command to work fine, but eventually I got root.
Fun box, thanks @ChefByzen !

Oh, and I agree that the name of the box is very related to the way you become root. Maybe it makes more sense in some languages than others ?

Fun box! recommended as the first box media to start
Congrats @ChefByzen !

PM for nudges :wink:

@crash0 said:
Rooted.
Whilst the foothold and the users were a good teaching, I think the root was a bit on the CTF side of things. After many enumeration scripts returning nothing, how on Earth should that path be visible?

I was out of hairs when I tried something dumb and it resulted in a good privesc blog post, tbh.

Congrats on rooting it!

I’m glad you were able to learn something about manual enumeration and finding user files :slight_smile: scripts don’t have all the answers… And they’ll likely get you caught if you’re not careful with them.

Is anyone else having problems with the box always being down? It’s been one complete day and I couldn’t even perform a proper enumeration because the box is always down.

Really fun box, taught me to always go back to basics, never overlook them. PM me if you’re stuck.

@blacViking said:

Is anyone else having problems with the box always being down? It’s been one complete day and I couldn’t even perform a proper enumeration because the box is always down.

There is Fail2Ban implemented. If you bruteforce anything it will ban your IP for a couple of minutes.

Hi Guys,

After getting in, any hints for 1st user?? Have been stuck a bit…

@xxTMGxx said:

Hi Guys,

After getting in, any hints for 1st user?? Have been stuck a bit…

It really depends on where and why you are stuck. Visit in a browser, read the links, find out what’s there, exploit it, get a shell.

Great and enjoyable machine. Getting a shell is easy, just Google it; first and second user took me some time to figure out the way, and root password a lot of searching and looking around. PM if you need some help.

@TazWake said:

@xxTMGxx said:

Hi Guys,

After getting in, any hints for 1st user?? Have been stuck a bit…

It really depends on where and why you are stuck. Visit in a browser, read the links, find out what’s there, exploit it, get a shell.

Got shell and inside as www-data

@xxTMGxx said:

Got shell and inside as www-data

Ok to move from that account to the next one, you need to enumerate. Find something. Make it readable. Crack it. Use it.

Hi !
I’ve easily got user1 but I’m stuck on user2. I’ve seen that user2 left something in the home of user1, but he asks me for… what you know.
Is there a part of guessing or am I missing something ?

Thanks :slight_smile:

@Worty said:

Hi !
I’ve easily got user1 but I’m stuck on user2. I’ve seen that user2 left something in the home of user1, but he asks me for… what you know.
Is there a part of guessing or am I missing something ?

Thanks :slight_smile:

A joke I made elsewhere today is that a lot of this is guesswork, we just call it fuzzing/enumeration to sound better.

It depends on what you mean by user1 and user2 in this context, to get a shell as root you may have gone through three “accounts” on the box (root being the fourth) but some people don’t consider one of them a “user” so may skip it in their counting.

What I would suggest is to enumerate. If you can describe what you find, you might find what you need.

@TazWake said:

@Worty said:

Hi !
I’ve easily got user1 but I’m stuck on user2. I’ve seen that user2 left something in the home of user1, but he asks me for… what you know.
Is there a part of guessing or am I missing something ?

Thanks :slight_smile:

A joke I made elsewhere today is that a lot of this is guesswork, we just call it fuzzing/enumeration to sound better.

It depends on what you mean by user1 and user2 in this context, to get a shell as root you may have gone through three “accounts” on the box (root being the fourth) but some people don’t consider one of them a “user” so may skip it in their counting.

What I would suggest is to enumerate. If you can describe what you find, you might find what you need.

By user1 I mean the user which contains in his home folder user.txt!