Official Passage Discussion

Type your comment> @Fr0sty9 said:

If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

xD yeah this is right. I dunno, this is why HTB is getting reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

It’s funny that you say that, because I think about this regularly when people are asking about how the OSCP exam boxes compare to HTB boxes. I felt my OSCP exam boxes were all WAY easier than the latest easy boxes on HTB. Like I had 90/100 points in 10 hours on my OSCP exam.

Then again, some people say the OSCP boxes are like mediums on here, so I guess it is half personal opinion and luck.

Yeah - that can be better but only when you get a lot of ratings. There are people who rate insane boxes a 1 and I’ve no idea why…

@TazWake Are you talking about the guy who rated RopeTwo a 1? I laughed my ass off at that lmao. Probably just did it for the memes. But yeah I understand what you mean.

You always need a large sample size for statistics like this to be more precise. For example I find that even hard machines are rated fairly easy according to user ratings when they’re released. It’s probably because the people who attempt hard boxes at release are usually more experienced/confident and find them easier. As the number of solves grow, the rating reflects the actual difficulty according to the average user better.

Type your comment> @pizzapower said:

Type your comment> @Fr0sty9 said:

If this is EASY, then how would you rate a box on which you could get root just by running linpeas ?

xD yeah this is right. I dunno, this is why HTB is getting reputation for being less and less beginner friendly. Because even easy level boxes you have to do a bunch of manual stuff. At least that was my experience recently

It’s funny that you say that, because I think about this regularly when people are asking about how the OSCP exam boxes compare to HTB boxes. I felt my OSCP exam boxes were all WAY easier than the latest easy boxes on HTB. Like I had 90/100 points in 10 hours on my OSCP exam.

Then again, some people say the OSCP boxes are like mediums on here, so I guess it is half personal opinion and luck.

OSCP is a lot more about enumeration and a pathway to exploiting something. Rather than some random CTF where you gotta exploit something and you only find it by desperately checking everywhere.

Yes, the difficulty of HTB boxes is, in average, going upwards, because the sample of people rating them are practicing more and completing more boxes. Surely, as an HTB participant, something I found medium 12 months ago, would probably seem much easier now; and most of us behave that way. For newcomers it must be harder.

Wow!!! I would not want anyone to smash their keyboard/monitors etc. when they pivot from user1 → user2. For root, all the covid 19 crap is just telling you that enum is more about just running tools. Don’t run them, won’t help you. Just use the “-a” with listing and read. If you have to read through the entire dir don’t shy away. The more you read, more you will understand.

Thanks, I learned a lot!

Great box, nice and easy for a change, although I did get hung up overlooking some simple stuff here and there, and trying to automate my manual exploit process in the beginning with bash scripts.

Really fun box so far, maybe one of the first I’ve done with minimal hints, though I think I’ve managed to get it wrong both times! I’ve read both the user and root flag files but neither hashes are being accepted by htb; if anybody is able to chat through what I’ve done so far and tell me I’m being dumb, I’d really appreciate it!

@CallumJ90
Try resetting the box, might be because of HTBs dynamic flags

@3zculprit said:
enum is more about just running tools. Don’t run them, won’t help you. Just use the “-a” with listing and read. If you have to read through the entire dir don’t shy away. The more you read, more you will understand.
A phenominal hint. If you’re still having trouble, refer to this.

rooted. thanks @ChefByzen for a nice box - the root part was very cool

Probably one of my favorite boxes to date. Really good logical flow and I’d agree with other posters that the difficulty advances as you progress through the box.

My hint for root would be to read the other posts carefully and to echo a very recent post, ensure you utilize the -a when listing directories. Enum scripts will only get you so far.

Feel free to DM for nudges and thank you @ChefByzen for the box!

Hey there, i need a nudge.
I have a shell, and i have to find user1.
I searched around and i find a lot of hashes, none of them is the right one i think because they’re all uncrackable.
can someone help me?

Rooted!

Straight forward but still has its own unique path/ exploits, not encountered earlier.

Hints:
Initial Foothold: Google. Yes its that simple but still a minor tweak.
User 1: Enumerate everything. Each folder and each file inside.
User 2: This is very simple. check everything inside your home.
Root: Again. Don’t leave your home. Ur bus will take you to places you never imagined

DM for any nudges
thanks to @ChefByzen for such an awesome box

@Meise said:

Hey there, i need a nudge.
I have a shell, and i have to find user1.
I searched around and i find a lot of hashes, none of them is the right one i think because they’re all uncrackable.
can someone help me?

Have you tried hashid? Are you sure they are “hashes” (i.e. are they fixed-length strings which is a good indication that something is hashed).

Type your comment> @TazWake said:

@Meise said:

Hey there, i need a nudge.
I have a shell, and i have to find user1.
I searched around and i find a lot of hashes, none of them is the right one i think because they’re all uncrackable.
can someone help me?

Have you tried hashid? Are you sure they are “hashes” (i.e. are they fixed-length strings which is a good indication that something is hashed).

yeah, they’re all uknown hashes

@Meise said:

yeah, they’re all uknown hashes

When you decode them, do you get anything more useful?

@TazWake said:
@Meise said:

yeah, they’re all uknown hashes

When you decode them, do you get anything more useful?

mmh…
i think c***.php is a bait, same the **.php files, and i think i didnt find nothing usefull on them
thx a lot for the help anyway

@Meise said:

mmh…
i think c***.php is a bait, same the **.php files, and i think i didnt find nothing usefull on them
thx a lot for the help anyway

I’d double-check at least part of that assumption. Feel free to PM if you want to be more specific about which files you mean.

@ChefByzen said:

@CallumJ90
Try resetting the box, might be because of HTBs dynamic flags

Thanks for the reply! Even after resets the website wouldn’t take the flags, it was only through spawning my own release arena instance I was able to submit them (if anybody happens to have the same issue).
Overall really great box, the most fun I’ve had so far!