Official Passage Discussion

nice box. I had a tough time seeing what was in front of me for root. I had just not seen that before and for some reason my enumeration of processes did not turn up the vector. The clue about looking at what an editor has accessed is a really good clue. Once you have that info, the google exercise is very straight forward. I really enjoyed the foothold/user 1 enumeration.

uid=0(root) gid=0(root) groups=0(root)

Spoiler Removed

Everyone’s hints were awesome. Thanks all. Thanks @ChefByzen for the box.

My root hint: Don’t bank on the escalation scripts on your thumb drive. You will very likely have to Google for it. I know I had to

Spoiler Removed

Type your comment> @m1r3x said:

Type your comment> @0xstain said:

do i must crack the hash for get user?

yes. crackstation is enough.

Okay got it thanks

Idk what to google for the root part :confused:
I can’t also find any suspicious file on the home directory …
Am i missing something???

php files decrypt is a rabbit hole?
Someone overwrite pxp files reset box and now ok

Finally rooted. Looking back, the box was quite good. User parts were pretty simple.
But spent a hell lot of time on the root part. Wasted a huge time poking around at the C*** service. Thanks to the hints from the forum, finally found the privesc and it took only minutes to get root -_-

Feel free to PM for nudges if stuck anywhere :wink:

Spoiler Removed

Nice machine with a few twists just to keep you on your toes.

root@passage:~# hostname && id
uid=0(root) gid=0(root) groups=0(root)

Thanks @ChefByzen for the machine ? PM for hints and explain steps taken to date.

added , coma…but still it is in coma…no response !!
reload everything…!
helped to get the payload in list

Rooted ?

Nice box and good practice for people doing OSCP. User is pretty easy and I overthink the root part. Very nice box.

PM for help ?

if you are looking for your first medium box, this is a good one.

Rooted. I think this box should be an easy box in my opinion :smiley:

****@passage:~$ cat user.txt
got user.txt !!! thank you @rholas !!

Rooted ! pm me for any hint but tell me where you are , what you tried :slight_smile:

Yay, my first non-retired box that I rooted.
Thank you for the machine

Finally … rooted
Very clever machine…easy when you know it.

Spoiler Removed

Apparently I explained my mistakes too much, was considering spoiling x)
Rooted as well. PM for nudges

root@passage:~# whoami && id && hostname
uid=0(root) gid=0(root) groups=0(root)

after tons of hours digging in the wrong places able to solve this don’t overthink it just keep it simple
I need some hints PM and ill do my best to help
thanks to @gs4l for the boost I needed