Official PersistenceIsFutile Discussion

Finally fixed all backdoors. First of all, a lot of thanks and huge respect to @0xdf for this box, had a LOT of fun and promoted my skils. The challenge is all about observing things and asking questions like “why”, “where”, “when” etc.

Before you read further, I strongly advice you to try pass the challenge by yourself. It can be confusing, but not impossible, If you do it on your own you will get some good growth. But if you are really, REALLY stuck, here are some nudges

1 - it rises from the dead, but why and where…
2 - strongholds always break from inside
3 - some persons tend to use your things even if they dont belong to them
4 - who gave this guy a weapon!?
5 - same as 1
6 - something is wrong about that animal…
7 - the traitor never stops making holes in the castle
8 - only greek god knows what happens here

if it contains spoilers, delete the message please.

Good luck and have fun! \m/

solved! thanks.

I like the idea. Right now they are all partially remediated or fully but it’s very difficult to track which number is which backdoor and it even seems random… i reset the box, i get right away “Issue 1 is partially remediated”. The one that was “Fully remediated” goes back to “not remediated” after i have removed another backdoor

A really cool forensic challenge. Thanks a lot @0xdf !
DM me for a nudge.

This is a really good challenge, @0xdf!
It looks like a real IR.

Really good challenge for people interested in IR. We need more like this one! Thanks @0xdf! Also thanks to @4n6man for the tips :slight_smile:

Hey really stupid question but how do I connect to the instance once I have it initiated. I have tried to ssh@user@instanceIP:PORT but am not able to connect. I am connected to the HTB VPN.

I could use some help with this. I’ve found 5 of the 8 backdoors, but only fully remediated 2 of them. Some of the ones I’ve partially remediated seem like they should be fully remediated, as I don’t know what else there is to fix (#2 for example, seems pretty straightforward).

Hi, I fully remediated all except the n° 1 (partially) and I do not see what I missed. Any hint ? Thanks.

i only remain 6.
can you pm me? for nurge?

Issue 1 is fully remediated
Cleaning issue 2 seems to have broken expected behavior
Issue 3 is fully remediated
Cleaning issue 4 seems to have broken expected behavior
Issue 5 is fully remediated
Issue 6 is fully remediated
Cleaning issue 7 seems to have broken expected behavior
Issue 8 is fully remediated

thank you 4n6man.

i am fully done!
it is so fun box, and good teaching.

if you want help plz msg me.

Hi, I fully remediated every issue except for n° 2 and n° 7 that are only partially remediated. Could I have any hint please?

Type your comment> @andrea9lli said:

Hi, I fully remediated every issue except for n° 2 and n° 7 that are only partially remediated. Could I have any hint please?

leaves must have a root!

So far ive gotten issues 1,3,5 and 8 with leads on 2 and 7 but it feels like i’ve hit a complete dead end. Any tips are much appreciated :slight_smile:

all resolved except 2 which is partially remediated. Any hint?

Looking for some hints on #2 and #6.

#2 I’ve got partially remediated by removing something someone usually doesn’t have and changing overly permissive permissions on the folder where it was, but not sure what else to check.
#6 from the hint I’m thinking something with cat, netcat, or python and have done the usual suid, sgid, cap checks and don’t see anything on them. Would appreciate a nudge!

Thanks!

Amazing challenge, loved it. Thanks @0xdf.

As somebody else said, we need more of these challenges.

2 Likes

Amazing work by @0xdf ! Hope once it retires you make a writeup on how you approach things. Also curious to see if you’re able to crack the solveme binary to give give yourself hints on where to look for or even get the flag without actually patching anything.

For anyone who got stuck feel free to DM me :slight_smile:

1 Like

Hello

First time that I have to ssh into a server on this HTB platform. Do I have to connect VPN in order to do this?

Personally I think this is vary hard if you don’t have enough linux system experience, the 8 sub-puzzles doesn’t have strong logical connection, I was able to solve 2 or 3 of them fully and got stuck with others partially solved for days. It’s so frustrating that I ended up by reversing the solveme binary and got som hints from some leaked strings, even though it takes me hours to finally solve it. Great job @0xdf !

For the reverse guys, the solveme binary is a python executable obfuscated by pyarmor, it’s not easy unless…