Official Passage Discussion

Type your comment> @exord26 said:

Type your comment> @Raekh said:

Got second user, I’m pretty sure I’m home where I need to be. I’m having trouble with my keys and my rings. Solved a problem by including a dash and a cross, but now I just get no answer. How can I “display” what I want ? How do I catch the bus ?

look in google maybe u need add a “-” in your search

I’ve been doing nothing but that for the past 4 hours and I tried a lot of options with dashes

Type your comment> @Raekh said:

Type your comment> @exord26 said:

Type your comment> @Raekh said:

Got second user, I’m pretty sure I’m home where I need to be. I’m having trouble with my keys and my rings. Solved a problem by including a dash and a cross, but now I just get no answer. How can I “display” what I want ? How do I catch the bus ?

look in google maybe u need add a “-” in your search

I’ve been doing nothing but that for the past 4 hours and I tried a lot of options with dashes

Google for the article on catching the bus. You can’t get much closer then @extincted 's hint.

Look for files edited say in an editor. Google suspicious filename and you will end up with an article (and likely you will see other similarities to this very machine).

1 Like

I don’t get it. There are two buses. Are they conflicting with each other ? One doesn’t seem to do anything and the other one doesn’t even start. I’m completely lost.

nice box. I had a tough time seeing what was in front of me for root. I had just not seen that before and for some reason my enumeration of processes did not turn up the vector. The clue about looking at what an editor has accessed is a really good clue. Once you have that info, the google exercise is very straight forward. I really enjoyed the foothold/user 1 enumeration.

#whoami&&id&&hostname
root
uid=0(root) gid=0(root) groups=0(root)
passage

Spoiler Removed

Everyone’s hints were awesome. Thanks all. Thanks @ChefByzen for the box.

My root hint: Don’t bank on the escalation scripts on your thumb drive. You will very likely have to Google for it. I know I had to

Spoiler Removed

Type your comment> @m1r3x said:

Type your comment> @0xstain said:

do i must crack the hash for get user?

yes. crackstation is enough.

Okay got it thanks

Idk what to google for the root part :confused:
I can’t also find any suspicious file on the home directory …
Am i missing something???

php files decrypt is a rabbit hole?
f…
Someone overwrite pxp files reset box and now ok

Finally rooted. Looking back, the box was quite good. User parts were pretty simple.
But spent a hell lot of time on the root part. Wasted a huge time poking around at the C*** service. Thanks to the hints from the forum, finally found the privesc and it took only minutes to get root -_-

Feel free to PM for nudges if stuck anywhere :wink:

Spoiler Removed

Nice machine with a few twists just to keep you on your toes.

root@passage:~# hostname && id
passage
uid=0(root) gid=0(root) groups=0(root)

Thanks @ChefByzen for the machine ? PM for hints and explain steps taken to date.

added , coma…but still it is in coma…no response !!
reload everything…!
helped to get the payload in list

Rooted ?

Nice box and good practice for people doing OSCP. User is pretty easy and I overthink the root part. Very nice box.

PM for help ?

if you are looking for your first medium box, this is a good one.

Rooted. I think this box should be an easy box in my opinion :smiley:

****@passage:~$ cat user.txt
got user.txt !!! thank you @rholas !!

Rooted ! pm me for any hint but tell me where you are , what you tried :slight_smile:

Yay, my first non-retired box that I rooted.
Thank you for the machine

Finally … rooted
Very clever machine…easy when you know it.