Official Passage Discussion

Rooted!

Straight forward but still has its own unique path/ exploits, not encountered earlier.

Hints:
Initial Foothold: Google. Yes its that simple but still a minor tweak.
User 1: Enumerate everything. Each folder and each file inside.
User 2: This is very simple. check everything inside your home.
Root: Again. Don’t leave your home. Ur bus will take you to places you never imagined

DM for any nudges
thanks to @ChefByzen for such an awesome box

@Meise said:

Hey there, i need a nudge.
I have a shell, and i have to find user1.
I searched around and i find a lot of hashes, none of them is the right one i think because they’re all uncrackable.
can someone help me?

Have you tried hashid? Are you sure they are “hashes” (i.e. are they fixed-length strings which is a good indication that something is hashed).

Type your comment> @TazWake said:

@Meise said:

Hey there, i need a nudge.
I have a shell, and i have to find user1.
I searched around and i find a lot of hashes, none of them is the right one i think because they’re all uncrackable.
can someone help me?

Have you tried hashid? Are you sure they are “hashes” (i.e. are they fixed-length strings which is a good indication that something is hashed).

yeah, they’re all uknown hashes

@Meise said:

yeah, they’re all uknown hashes

When you decode them, do you get anything more useful?

@TazWake said:
@Meise said:

yeah, they’re all uknown hashes

When you decode them, do you get anything more useful?

mmh…
i think c***.php is a bait, same the **.php files, and i think i didnt find nothing usefull on them
thx a lot for the help anyway

@Meise said:

mmh…
i think c***.php is a bait, same the **.php files, and i think i didnt find nothing usefull on them
thx a lot for the help anyway

I’d double-check at least part of that assumption. Feel free to PM if you want to be more specific about which files you mean.

@ChefByzen said:

@CallumJ90
Try resetting the box, might be because of HTBs dynamic flags

Thanks for the reply! Even after resets the website wouldn’t take the flags, it was only through spawning my own release arena instance I was able to submit them (if anybody happens to have the same issue).
Overall really great box, the most fun I’ve had so far!

Rooted!

That’s the most awesome box art I’ve seen yet.

User hint:
Find the interesting file, then study how the encryption works.

User2 hint:
Find something that isn’t meant to be shared.

Root hint:
Take the hint from a hidden file.

DM if you need additional nudges.

Rooted. Fun box, nothing too wild. Feel free to pm for a nudge but make sure you tell me what you tried first.

Done. Root is quite hard as compared to the rest of the box… unusual method for sure. Make sure to check your command if you are getting errors, I’ve wasted hours because of a typo. Many thanks to @Hyp3rDrive for pointing it out.

Having an issue with the foothold for some reason… the shell I upload doesn’t want to accept commands. Can anyone help?

Edit: nvm stupid error in my code

Currently I’m stucked on root :neutral: any hint is appreciated :lol:
until now I really enjoyed the machine, one of my favourite.

Uh, I fell really dumb.
I’m looking for the interesting file to gain access to User 1.

I know what I should find in, I’m sure I missed it, but I can’t find it…
Spoiler Removed

Am I on the right path ?

Thanks !

Type your comment> @Sigerbjorn said:

Uh, I fell really dumb.
I’m looking for the interesting file to gain access to User 1.

I know what I should find in, I’m sure I missed it, but I can’t find it…

Am I on the right path ?

Thanks !

yes

@Shides said:

Currently I’m stucked on root :neutral: any hint is appreciated :lol:
until now I really enjoyed the machine, one of my favourite.

Enumerate. Look for something which has certain settings that you can use to your advantage.

Anyone else having an issue where the hash for p**l isn’t there? Am i just blind lol

@LMAY75 said:

Anyone else having an issue where the hash for p**l isn’t there? Am i just blind lol

Double-check to make sure it isn’t there. Be sure what you are looking for.

Type your comment> @LMAY75 said:

Anyone else having an issue where the hash for p**l isn’t there? Am i just blind lol

I was a lazy guy and I missed it twice while reading the file. When you have a lot of text in front of you, look carefully, understand what you are looking. It helps a lot :smiley:

Rooted !

That was a cool ride.
I overwhelmed the Foothold and the User !
Once those two passed, it was pretty easy and straightforward.

DM me if you need a nudge.

I posted my views on this on the cyber badger and HTB official discords… Good box @ChefByzen … some of it felt a little too CTFy to me but then of course that is the way life works sometimes.

Foothold - some googling will land you at a starting point, some digging will land you at a method to gain access to a low-priv shell. [Pre-made works, but you won’t learn from it. use premade afterwards!]
User - Look at what is available to you with your low-priv shell. Search for juicy files that could net you loot. Trust me, you haven’t looked hard enough yet if you are stuck here. its all available for you.
Privesc - pay attention to what you have access to. attention to detail will get you moving forward
Root - more enumeration and google-fu will land you an article, read up and execute for your soon to be root shell