Oouch

245

Comments

  • Did anyone figure out the applications part?
    Does it require bruteforce?

  • edited March 2020

    I have have some connection back from playing with c******.p*. But I can't find a way to turn it into lfi. Someone got some success to share following this path?

    Or into anything else! ;-)

  • Well, tricked the admin into doing what I want. Which gives me.... ???

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • check documents after getting admin)

    tabacci

  • edited March 2020

    ...charming machine!

  • Struggling to get my account connected from the hidden link 🙄

    Hack The Box

  • Type your comment> @cyberafro said:
    > Struggling to get my account connected from the hidden link 🙄

    Yeah me too...
  • Ouch, when I tried to register this morning I only got internal server errors and assumed it's on purpose. Wasted a few hours, restarted the box and now I could register :facepalm:

  • Type your comment> @idomino said:

    Ouch, when I tried to register this morning I only got internal server errors and assumed it's on purpose. Wasted a few hours, restarted the box and now I could register :facepalm:

    Yeah 500s occur regularly... Just refresh a couple of times and they are gone...

  • Owned user, this is an incredible box so far. Has really taught me something, everything makes sense, very little guesswork.

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • edited March 2020

    I got some connetion back from /C*****t but , can't turn it into an lfi. Any hints? Or is it a rabbit hole?

  • Type your comment> @Sniper100 said:

    I got some connetion back from /C*****t but , can't turn it into an lfi. Any hints? Or is it a rabbit hole?

    It is neither an lfi nor a rabbit hole... ;)

  • Type your comment> @Chr0x6eOs said:

    Type your comment> @Sniper100 said:

    I got some connetion back from /C*****t but , can't turn it into an lfi. Any hints? Or is it a rabbit hole?

    It is neither an lfi nor a rabbit hole... ;)

    I also can get connection in several different ways, however nothing works as it works locally ...

  • edited March 2020

    Got a little bit furhter thanks to @tabacci
    I now have creds and some other information, but don't know where to use them yet...

  • edited March 2020

    Can somebody please give a hint for getting in the app as user admin?
    Pretty sure it doesn't require bruteforce

  • Got user. I did kind of enjoyed it so far, but insanely hard. :lol:

    Kudos to @tabacci, who I worked with to get this far.

  • This was a hell of a ride. Even though i didn't get the root yet, I will try to give you some hints. ( only for the user part ).

    • We all tried this first, but we got detected... I wonder if there are some workarounds
    • Try a bunch of wordlists. The default ones might not reveal the whole truth.
    • Why I can't code anything? Is this allowed? I don't think so. Nor on client side?
    • If nothing have changed it doesn't mean you are wrong. It just means you didn't understood the service and who belongs to who.
    • Once you are an admin, follow the list in the exact same order, from top to bottom
    • Sometimes, there is a pattern, or a duplicate. Enum, enum, enum
    • Creds are not useless. Enum & read carefully that list
    • This was way easier if I could do it on the first step
    • If you can get something why not try for other things to.

    I hope there are no spoilers. Please tell me if I was to explicit. I am willing to edit the post.

    zaBogdan

    If you need help with the boxes, pm me on Discord, zaBogdan#3458, I always forget to respond on form

  • Finally got some juicy new info from the admin's page. Please tell me I don't need to do this login again for the next steps :D

  • Most fun box I've completed from start to finish. Root is an amazing journey. +1 to qtc.

    Hack The Box

  • Finally owned after about 24 hours of solid work. Absolutely incredible at every step, challenged a lot but never too far. Looking forward to the next one. (How long before we can guess all the passwords on your boxes?)

    clubby789

    • GCIH | GCIA
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Got pretty much all the information I need, now figuring out how to use that info is the tricky part...

  • Hi guys, I've found the stuff running on port 5*** as well as 8***. In there I created one account for each and linked them.. Ive watched the urls, removed c*** t****** in different places and so on and so fourth, I can't seem to get ANYWHERE haha.
    I found auth for /ap********/ and noticed the difference from /ap********/re*******
    (as in they target two different users)

    A little good ol' nudge would be wonderfull :)

  • Type your comment> @zaBogdan said:

    This was a hell of a ride. Even though i didn't get the root yet, I will try to give you some hints. ( only for the user part ).

      >
    • Try a bunch of wordlists. The default ones might not reveal the whole truth.
    • >

    Any in particular you recommend? will big.txt be enough?

    Hack The Box

  • Super fun so far, I love boxes like this!

    Got the o--th login working, played with the c--- tok---, but havent gotten any real juice yet. Im down to compare notes with anyone that is stuck.

  • any hint for low level shell as i was able to create user account and access the web pages on 5***. but not getting any usefull info from it. any help would be appretiated

  • need help please . i create compte in port 5*** and decode session and change user to 1 and encode them and replace old session with new but nothing !?? any hint please . how encode them by key or .... thank

  • Rooted! :smiley: The user part stretched my limits on modern web apps and authentication schemes. The root part was pretty straight forward, but still pretty fun.

    Nice box @qtc. You can always tell how much time and effort you put into these. It is appreciated.

    OSCP, SSCP
    seekorswim

  • Rooted. Thanks again for the great box @qtc

    badge

  • hostname
    oouch
    id
    uid=0(root) gid=0(root) groups=0(root)
    

    What a ride! Thank you for the nudges along the way. Probably the most educational box for me so far.

  • Any nudges on how to use the Contact form? I don't know how to write the message to connect it to my profile

    Hack The Box

Sign In to comment.