Official Passage Discussion

@TazWake said:

@xxTMGxx said:

Hi Guys,

After getting in, any hints for 1st user?? I've got stuck a bit…

It really depends on where and why you are stuck. Visit in a browser, read the links, find out what's there, exploit it, get a shell.

Got shell and inside as www-data

@xxTMGxx said:

Got shell and inside as www-data

OK, to move from that account to the next one, you need to enumerate. Find something. Make it readable. Crack it. Use it.

Hi !
I’ve easily got the user1 but I’m stuck on user2. I’ve seen that user2 left something in the home of user1, but he asks me for… what you know.
Is there a part of guessing or am I missing something ?

Thanks :slight_smile:

@Worty said:

Hi !
I’ve easily got the user1 but I’m stuck on user2. I’ve seen that user2 left something in the home of user1, but he asks me for… what you know.
Is there a part of guessing or am I missing something ?

Thanks :slight_smile:

A joke I made elsewhere today is that a lot of this is guesswork, we just call it fuzzing/enumeration to sound better.

It depends on what you mean by user1 and user2 in this context. To get a shell as root you may have gone through three “accounts” on the box (root being the fourth), but some people don’t consider one of them a “user” so may skip it in their counting.

What I would suggest is to enumerate. If you can describe what you find, you might find what you need.

@TazWake said:

@Worty said:

Hi !
I’ve easily got the user1 but I’m stuck on user2. I’ve seen that user2 left something in the home of user1, but he asks me for… what you know.
Is there a part of guessing or am I missing something ?

Thanks :slight_smile:

A joke I made elsewhere today is that a lot of this is guesswork, we just call it fuzzing/enumeration to sound better.

It depends on what you mean by user1 and user2 in this context. To get a shell as root you may have gone through three “accounts” on the box (root being the fourth), but some people don’t consider one of them a “user” so may skip it in their counting.

What I would suggest is to enumerate. If you can describe what you find, you might find what you need.

By user1 I mean the user whose home folder contains user.txt!

@Worty said:

By user1 I mean the user whose home folder contains user.txt!

And other things. Have a look at them.

@TazWake said:

@Worty said:

By user1 I mean the user whose home folder contains user.txt!

And other things. Have a look at them.

And in this home I’ve seen something owned by user2 (n****), but when I try to switch to this user he asks me for a kind of password :wink: .

@Worty said:

And in this home I’ve seen something owned by user2 (n****), but when I try to switch to this user he asks me for a kind of password :wink: .

It’s worth looking for a thing which will let you access without any kind of password.

Rooted the machine, it was a fun box. User and Root both were interesting
Thanks @PapyrusTheGuru for the nudges.

User1 -> User2: They both share the same way to get in.
For people on the root part, you just need to look at the other files too in the home.

PM if you need help

And rooted. The foothold was one of the trickiest parts. I was so confused when I couldn’t find the directory until I realized that capitalization is important.
Thanks to @ChefByzen for the awesome box

Rooted machine !

I liked this machine a lot. The users part was very easy, but for the root part it was very difficult to find what it is juice. I appreciate those who nudged me to root and pointed me to where to look.

Can't figure out the right binary for root!
A little help, guys

Just rooted this box, but the way I rooted it was more guesswork. Does anyone care to PM me about how you got to know about this exploit? And someone in the discussion said that there is more than one way to get to root. Does anyone want to discuss it?

hey everyone ! I’ve been stuck on root for a long time and clues here don’t really help me… Tried a bunch of stuff, enumerated a lot but I’m clearly missing something (but I’m a beginner)…

@Slowtech said:

hey everyone ! I’ve been stuck on root for a long time and clues here don’t really help me… Tried a bunch of stuff, enumerated a lot but I’m clearly missing something (but I’m a beginner)…

When you enumerate, look at all the files you can find which would normally come up on an enum search. Check them out and see if any can be exploited. There is a good blog post on how to use it.

Rooted,
Fun box :slight_smile: - awesome work @ChefByzen
Thank you @TazWake for the initial nudge :slight_smile:

Rooted !
Thanks @TazWake and @ChefByzen for the nudge, I totally missed the file, thinking it was not supposed to be here…
Really fun box, learned a lot on this one

Wonderful machine! Thanks @ChefByzen. Root was fantastic - I’m happy that I could study (and exploit) that vulnerability.

Very Interesting and fun box … First box on HTB that I did in one day :smiley:

Initial Foothold:
  • Look through the website properly, you will find clues

User 1:
  • Result of initial foothold is sufficient enough to get you this user

User 2:
  • Dig through all the files and you will find interesting stuff

User 3:
  • It’s just a call away… Keep your brain’s window wide open

Root:
  • So far the only trickiest thing in the whole box… follow previous hints “Stay Home”, the passage to other world goes underground.

DM me for nudges. Lovely box

Got both users fast but stuck on root for several days… can't find anything interesting in home directory :frowning: My thoughts were that I can do something with .X**** file but I still can't find decision. Can anyone help me please to take me in right way? PM or here.
Thank you! :slight_smile: