Official Passage Discussion

I am stuck on root stage. Can anyone help me? I found ib*s but I am not sure, is it true way?

any help?! … i’m stuck with the last part of rooting … i got this error “Permission denied (publickey)”

@Wh1rlw1nd said:

any help?! … i’m stuck with the last part of rooting … i got this error “Permission denied (publickey)”

That implies you dont have the right key to SSH in. If you get other messages as well, then it could be as simple as the key doesn’t have the right permissions so isn’t being used.

A little confused here, got foothold and now www shell. I have found the hash for the 2 users and got the a1 password for p. I’m stuck at this point, not too sure how to proceed. I know p needs a publickey for ssh based on ssh failed results and config file.

@OmegaGator said:

A little confused here, got foothold and now www shell. I have found the hash for the 2 users and got the a1 password for p. I’m stuck at this point, not too sure how to proceed. I know p needs a publickey for ssh based on ssh failed results and config file.

Have you tried switching user?

I keep getting errors when submitting flags

@framik said:

I keep getting errors when submitting flags

This is a common issue. HTB uses dynamic hashes and sometimes they don’t work. The hashes should change after every reset and be different on different VPNs - this means that hashes should be used as soon as you get them and that sometimes the process which registers the new hash in the scoring server will break.

If it is a box that is being hit with resets, it becomes imperative that the hash is used immediately as a reset will render it invalid.

Your choices are really:

  • Wait a while, repwn the box and get a working a hash.
  • Report it to HTB via a jira ticket and get them to fix the problem.

This isn’t something that can be fixed by the forum or by tips from other users.

Yup yup. Just wanted to make it know. I reset the box multiple times. Stopped it and started it. just coudlnt get it change.

If I found a file that contains some lines of strings that look to contain some of the same parts (encrypted strings), should I try to investigate these or am I going down a rabbit hole?

Just rooted. Pretty fun box, and well rated for its difficulty. Learned something new about certain transport mechanisms. Major props to @ChefByzen for making this one.

Hints:
foothold: basic web enumeration and google, you don’t need to fuzz the webpage or brute force a log in
user1: search around and remember you may not be able to read things as they are
user2: sometimes sharing things at home can be dangerous
root: enumeration and google is all I can really say. You can find something close by which can point you in the direction you need to go

My pms are open if anyone needs a nudge, but Im not sure how often Ill be able to check

When I have the recipe to create a file as r***, how do I use it to go forward? My mind is completely stuck here…

Never mind. Rooted :smile:

whoami && id && hostname
root
uid=0(root) gid=0(root) groups=0(root)
passage

Rooted! Great and nice box! Thanks @ChefByzen

From a technical point of view, I think this box is really good and @ChefByzen did a great job here.

However, for me the root part seems like you either find it yourself or you don’t. I think it’s hard to miss and I would not have made it without a hint.

Some nudges here are really helpful: I would add that you do not need to dive very deep into the place where you are supposed to stay according to the nudges.
It’s more of a subtle thing you will find which leads you to root (most probably) after you google it.

I think there is no shame in asking for a hint here.

I can’t get root, looks like something is wrong.

@mehulsharky007 said:

I can’t get root, looks like something is wrong.

I mean to say that there is no b c**** s****** running.

Interesting box, user is rather easy, and most hints here are on the ball, so I have nothing new to share.

I don’t have anything to share about the first PE, other than it took me down memory lane. I actually have seen that in a real life engagement. So, it did bring me a smile.

Now, root was a beast for me and it took me quite a few hours.

From the comments here, there’s a way to get it that I have no idea what it was. I did take public transport to get root, but I am guessing it was a different route, using a bit of Imagenation to create a way out, so I’d like to learn more about what others used.

Apparently my Google-fu (or Duck-Duck-Go-Fu) is not that strong, because I doubt I found the right article.

Rooted, however this was a strange bus ride, enjoyable though!

Yayyyy, Got root
badge

94.53% towards Hacker

My shell gets aborted shortly after i set it up :frowning: anyone else with the same issue? any fix? is it related to the fail2ban comment? Site becomes unresponsive from time to time

EDIT: Pretty sure it the F2B thing. Not sure why it is triggering as I’m not bruteforcing, just setting up a reverse shell. It get aborted within 5 minutes and I have to restart everything, which makes enumerating a great pain in the ■■■. Any clue to bypass it?