Official Passage Discussion

got the root flag…

foothold-> to get root need some google enumeration the path is straight forward as you did for older version.
ping me if you need help

Rooted!

This was an interesting machine! Probably the foothold is the easiest of all but still the machine is not that hard. Here my hints:

  • Initial Foothold: Basic Enumeration is your friend. Do not try to bruteforce.
  • User 1: check on how the framwork works and you’ll get what you need
  • User 2: find whatever these users are sharing between them
  • Root: Basic system enumeration will tell you what to do

Hope this helps!

Type your comment> @maskop9 said:

Initial foothold : Google
User1 : Look around
User2 : Look around
root : Corona time, catch a bus and get back home; don;t come out #staysafe

I know this is months late but I am just getting to this box. thank you. I hate looking for hints some times but this box had me really stumped until I read this

nice box,

unfortunately I only got user2 with root
What have I learned?
some users would even share the toothbrush … :smiley:
unbelievable… .

Thx @ChefByzen

hmm, got foothold (nice one)
got user 1, user 2 but can use a hint to get root.
“stay home, public transportation and covid so use a mask” left me clueless :neutral:

bang, hit by a bus, rooted :smiley:

My second box on here. Pretty cool stuff!
I had gotten stuck after foothold for several hours but it seemed that I overlooked some files I found some time earlier so I looked at some hints on here and checked again and voila.
I actually tried the bus thing while I was trying to get user 1, so going back to that, it just took me 2-3 minutes to get root after user 2. And thankfully I didn’t spend a lot of time to get user 2. That was very unexpected indeed.

If anyone is stuck, do what I did and read every comment from page 1. Really good hints in here.

Rooted. Great machine. Thanks @ChefByzen.

Rooted. Some good hints in this forum, but if you’re stuck feel free to DM me with where you’re at and what you’ve tried so far.

Nice box and some neat details… Specially the last user’s name :slight_smile:

This was a really nice box ! Thanks @ChefByzen

Preparing for OSCP exam this box was my second active machine here. I’m not coming from IT background but I fairly enjoyed working all the way through to get root. Have learnt heaps Thanks @ChefByzen

Noob here but I’m trying to open the IP address in a web browser and Its just loading forever. Any advice would be great, sorry Im new to this but its an amazing skill to have.

Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only? Got some passes but cannot ssh’them. Thanks!

@deibit said:

Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only?

I dont think so. I think it is key based auth only.

Got some passes but cannot ssh’them. Thanks!

If they are useful, there might be other things you can do.

Type your comment> @TazWake said:

@deibit said:

Sorry for the noob question (long time without cracking boxes) Does anyone able to ssh it with user/pass only?

I dont think so. I think it is key based auth only.

Got some passes but cannot ssh’them. Thanks!

If they are useful, there might be other things you can do.

Thanks @TazWake . I already exploit it and upload a shell, from that point I’m stuck. I did the recon part but no clues trying to find the way to be “one of the two…”.

@deibit said:

Thanks @TazWake . I already exploit it and upload a shell, from that point I’m stuck. I did the recon part but no clues trying to find the way to be “one of the two…”.

Ok - its all down to enumeration to get the user flag.

Finally rooted. Foothold, user1 and user2 are no real challenge.

Root was new for me, I definitely learned some new tricks for my upcomming OSCP exam.

The most important is to read the outputs of my tools and not just flow over some basic stuff. The enumscript I use told me already at user1 about the privesc I used to get root, but at an unexpected place, which I didn’t give much attention until now. It even told me about the presence of U** Cr. Following the link there was a general description to the mechanisms used. The step-by-step exploit for U C**r was also linked. I wish I read this line before reading the whole forum and googling a lot about public transport systems…

Thanks for the box, for me it was a perfect medium box.

Got user. I think that the best nudge so far I can give to get user is…upgrade your “tools”.

root@passage:~# hostname
passage
root@passage:~# id
uid=0(root) gid=0(root) groups=0(root)

Great box! Thanks @ChefByzen for the learning experience. Root was particularly challenging for me but I also learned a lot along the way.

For anyone stuck on root my advice is Google stuff you find, and don’t overlook articles from well known companies - my issue was that the information I needed was in an article I overlooked because I assumed it wouldn’t have the tech details.

Since passage expired, can we add spoilers or ask questions?

I’ve seen many people using the av**** way while I used a straight script which directly gave me RC* and has***.

IppSec also did it the av**** way.