Official Passage Discussion

Thanks for this nice box, it was straightforward except for root.

I think exploiting the vuln described in the blog post would be more interesting if applied to a different case. I mean a case for which you can’t just copy paste what’s on the blog. Would be a harder box though.

Would be nice if you guys can DM the way you “weaponized” the vuln for root, I am interested in ways different than what I did.

Got root with a little nudge from @TazWake.

This is a very nice machine imho. Also here are very good hints, so no need for me to say anything.

Feel free to message me if you want a little nudge.

Finally root!! great box! thank you @ChefByzen took me tons of hours on this one :smiley:

root@passage:~# hostname && id
passage
uid=0(root) gid=0(root) groups=0(root)

Initial= zoom in then google. :wink:
User1 = find that user!
User2 = you shouldn’t be sharing this
Root = know your rights and remember, there’s no place like home.

I’d like to thank my wife for the motivational death stares. Time to sleep! :smiley:

Type your comment> @bigoteman said:

I’d like to thank my wife for the motivational death stares. Time to sleep! :smiley:

It’s beautiful. :heart:

Just rooted this box! It’s rated as a medium, but I quickly got the foothold and first user so I thought it was just an easy.

At that point, my enumeration and my instincts told me I need to pivot to another user that I found to get to root. That pivot slowed me down and then a good hint helped me get to user 2. I’m ashamed I overlooked that. SMH.

From there, the escalation to root is what made this box a medium.

DM if you need a nudge.

Anyone else have problems submitting flags for this box? Mine aren’t being accepted…

@thehandy said:

Anyone else have problems submitting flags for this box? Mine aren’t being accepted…

This might help: Cache - #466 by TazWake - Machines - Hack The Box :: Forums

Got it rooted, thanks!

Rooted!! Had some great nudges for user. After that it was basic enumeration.

I am taking my OSCP next Friday and I can say that this machine embodies so much of the material that I have learned. In my opinion, this encompasses so much of what you need.

Also, your knowledge of programming and scripting will make this machine a piece of cake. Either that or you will have to do some things manually which will take forever but will still work. This is actually the main reason it is so good for OSCP. PRACTICE YOUR SCRIPTING, PEOPLE

Rooted. If you need some help, DM me.

Spoiler Removed

Just rooted the box having read the tips here but I’m still trying to wrap my head around how y’all knew to look into the public transportation thing for the root part. I would have never looked that way if not for the comments. Could someone please enlighten me? Thanks! :smile:

Great box. Easy for foothold but gets more interested along the way.
Also, very cool root part. After reading the paper I understood the name :smile:

Feel free to DM me for some nudges.

woohoo. finally got root. made the root part harder on myself then actually necessary. in retrospective a relative easy medium machine, everything is quite intuitive to follow and no actual rabbit holes if you stick to the basics. user1 → user2 is a bit tricky but best friends like to share everything, dont they :wink:

Type your comment> @thehandy said:

Anyone else have problems submitting flags for this box? Mine aren’t being accepted…

Yes. I’ve reached user.txt yesterday and it didn’t work. Started over today and it gave me the same hash

@rmasterhacker My problem ended up being I had the free VPN pack instead of the VIP pack, so I was trying to enter a key that didn’t correspond to my current profile’s network. Maybe try regenerating your VPN connection pack to make sure you’re aligned.

@rmasterhacker said:

Type your comment> @thehandy said:

Anyone else have problems submitting flags for this box? Mine aren’t being accepted…

Yes. I’ve reached user.txt yesterday and it didn’t work. Started over today and it gave me the same hash

Almost certainly somethiing has broken - I’d raise a Jira ticket.

Rooted, fun box!

Foothold: Old news
User 1: A pretty unusual take on a common place to find creds
User 2: Painfully easy to the point I ignored it for hours
Root: A new one for me, had to use the hints in here after going deep down a RE black hole but the hints made sense to me and found it easily after reading them

I’ve just looked at this box as my first one in a couple of months and it is probably the quickest foothold I’ve ever got. Sure I’ll do my usual trick of getting bogged down from here on in, but I’m taking that as a win.

Rooted the box thanks to some hints on here. I am curious, I identified the correct way to root based on the hints on here about getting on a certain form of transportation. I really don’t know how long I would have been looking if not for this hint, as nothing was sticking out. Did people who found this box easy simply notice this as an unusual thing to be on a box, based on experience? Or was there something even a noob like myself should have noticed with enough enum? Learned some really interesting stuff from it, many thanks @ChefByzen