Official Passage Discussion

@xenofon said:
I am in the p*ul directory, but when I try to pass the user.txt (flag for user) HTB says incorrect flag…? Anyone know why this is happening?

OK, it's done, sorry.

Any nudge for root?

0wned

For rooting, there are multiple boxes where you can do the technique I used; just remember to enumerate, maybe there are hidden files… and spy.

Rooted, the hardest part for me was getting the first user after the foothold. After that it went really quick. I feel like I just had some lucky intuition today though. Very fun box.

@ml19 said:

Initial foothold took me longer than it should have taken, simply following the information given.
User1, was on right piece but ignored it first
User2, facepalm
root, once knowing where to look for, easy to find the right way

I felt the facepalm thing.

Thanks for this nice box, it was straightforward except for root.

I think exploiting the vuln described in the blog post would be more interesting if applied to a different case. I mean a case for which you can’t just copy paste what’s on the blog. Would be a harder box though.

Would be nice if you guys can DM the way you “weaponized” the vuln for root, I am interested in ways different than what I did.

Got root with a little nudge from @TazWake.

This is a very nice machine imho. Also here are very good hints, so no need for me to say anything.

Feel free to message me if you want a little nudge.

Finally root!! Great box! Thank you @ChefByzen, took me tons of hours on this one :smiley:

root@passage:~# hostname && id
passage
uid=0(root) gid=0(root) groups=0(root)

Initial= zoom in then google. :wink:
User1 = find that user!
User2 = you shouldn’t be sharing this
Root = know your rights and remember, there’s no place like home.

I’d like to thank my wife for the motivational death stares. Time to sleep! :smiley:

@bigoteman said:

I’d like to thank my wife for the motivational death stares. Time to sleep! :smiley:

It’s beautiful. :heart:

Just rooted this box! It’s rated as a medium, but I quickly got the foothold and first user so I thought it was just an easy.

At that point, my enumeration and my instincts told me I need to pivot to another user that I found to get to root. That pivot slowed me down and then a good hint helped me get to user 2. I’m ashamed I overlooked that. SMH.

From there, the escalation to root is what made this box a medium.

DM if you need a nudge.

Anyone else have problems submitting flags for this box? Mine aren’t being accepted…

@thehandy said:

Anyone else have problems submitting flags for this box? Mine aren’t being accepted…

This might help: Cache - #466 by TazWake - Machines - Hack The Box :: Forums

Got it rooted, thanks!

Rooted!! Had some great nudges for user. After that it was basic enumeration.

I am taking my OSCP next Friday and I can say that this machine embodies so much of the material that I have learned. In my opinion, this encompasses so much of what you need.

Also, your knowledge of programming and scripting will make this machine a piece of cake. Either that or you will have to do some things manually which will take forever but will still work. This is actually the main reason it is so good for OSCP. PRACTICE YOUR SCRIPTING, PEOPLE

Rooted. If you need some help, DM me.

Spoiler Removed

Just rooted the box having read the tips here but I’m still trying to wrap my head around how y’all knew to look into the public transportation thing for the root part. I would have never looked that way if not for the comments. Could someone please enlighten me? Thanks! :smile:

Great box. Easy for foothold but gets more interesting along the way.
Also, very cool root part. After reading the paper I understood the name :smile:

Feel free to DM me for some nudges.

Woohoo. Finally got root. Made the root part harder on myself than actually necessary. In retrospect a relatively easy medium machine, everything is quite intuitive to follow and no actual rabbit holes if you stick to the basics. user1 → user2 is a bit tricky, but best friends like to share everything, don't they :wink: