Oouch Write-Up by Gunroot

Hello friends. I'm here again to present my detailed writeup on the Oouch machine. Since the machine is retiring, I decided to make it to the public.

https://binarybiceps.com/hackthebox-writeup-oouch/

Read time - 13 minutes.

I'd appreciate it if you provide your feedback there or here. I heartily welcome any suggestions or corrections to rectify and make it a better one. Thank you all. :)

Comments

  • Awesome write up - again. You've explained Oauth better than I ever could.

    I found this one of the hardest boxes on HTB but you've put together an easy to follow path.

    Some differences in approach (and I am not saying mine is better) but I found the IP address for docker with: p s -a u x (oddly it seems I've had to add spaces to stop this being blocked...)

    It also looks like the actual address seemed to change between reboots but I never fully confirmed this. (Once it was .2 once it was .5 as far as I can see in my notes).

    Also you seem to have got the exploit working easier than I did. I had to run 2to3 then
    modify import bytes to from builtins import bytes to get it working.

    Lastly - awesome explanation of the D-BUS attack. That nearly broke me!

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake Thank you very much. I'm also broken in that Dbus thing. But I couldn't explain it in better way.

    I expected that the exploit will throw errors and it did too. I also took 2-3 attempts on debugging the script but it worked.

    :) Thanks bud for your feedback.

  • It awsome !! while my video is also in processing i just no upload it because i have confusion in some topic of oouch ! But now after reading your walkthrough my doughts are crystal clear !! Thanks !

  • @n33r47 Thanks bro for your feedback. ;) Much appreciated
  • @gunroot said:

    But I couldn't explain it in better way.

    I couldn't explain the D-BUS thing anywhere near as well as you did.

    This was a tough box from start to finish!

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

Sign In to comment.