Oz

I’m wondering if there’s a bug with Oz. I’ve been enumerating a particular endpoint and everything works fine for a while, but I notice it starts throwing 500s instead of the gibberish or correct info I’m looking for, and at that point the endpoint becomes useless.

Not sure if maybe it’s a side effect of someone getting user/root, or maybe someone messing with it once they get access, but it seems like an issue to me.

@chickenbit said:
I’m wondering if there’s a bug with Oz. I’ve been enumerating a particular endpoint and everything works fine for a while, but I notice it starts throwing 500s instead of the gibberish or correct info I’m looking for, and at that point the endpoint becomes useless.
Not sure if maybe it’s a side effect of someone getting user/root, or maybe someone messing with it once they get access, but it seems like an issue to me.

I haven’t got the user flag yet, but if it’s the part I’m thinking of - look into the payload that caused a 500

Also getting 500 sometimes on things that clearly were working. Also system access dropped to read-only filesystem multiple times. Other times the access method won’t work either. Don’t know if it is part of the trolling. Fixed it with a reset.

@ganbaruTobi said:
Also getting 500 sometimes on things that clearly were working. Also system access dropped to read-only filesystem multiple times. Other times the access method won’t work either. Don’t know if it is part of the trolling. Fixed it with a reset.

The read-only issue I am attempting to resolve, this is what causes the 500 errors where there was a clear response. This is not a troll, just an issue with folks attempting bruteforce where there is no need to bruteforce. The read only issue can be resolved with a reset. For now that is the only resolution when that happens.

@bobthebuilder said:
Just got root.

Nice box. I think I got really lucky in the privesc - don’t understand exactly how what I did worked. But root is root! :slight_smile:

DM me and we can discuss what gaps in knowledge you are missing

rooted, learned a lot from start to finish : ) thanks for a fun box

Guys, if you see a 500 at the endpoint, just disable your suite and use the browser only.

@elihtb said:
rooted, learned a lot from start to finish : ) thanks for a fun box

I am so glad you liked it. Thank you.

@waken said:
Guys, if you see a 500 at the endpoint, just disable your suite and use the browser only.

Oh yes, that is also a good point. Yes, that particular host piece is not a fan of the suite.

@incidrthreat @Mumbai You did an awesome job with the box. I have some questions regarding the forwarding method that I used, or more like I’m a little bit confused. If some of you are still online on mm, I would like to know more about my "situation". Furthermore, good job, thanks for the annoying box Kek.

@labyrinth said:
Hmm, I know of ippsec’s videos. Does m0noc have a blog or youtube channel? I am not finding it.

+1 I’d love to know, too

@incidrthreat The Oz box is released and Dorothy’s missing slippers are found 13 years later. Did you have something to do with this?!

@drtychai said:

@labyrinth said:
Hmm, I know of ippsec’s videos. Does m0noc have a blog or youtube channel? I am not finding it.

+1 I’d love to know, too

Might it be this?

@incidrthreat said:

@waywardsun said:
Yeah, I have to wonder if it was tested.

100% was tested for 4-5 weeks before submission. All items and “rabbit holes” are working as intended. The box was tested again after submission by the HTB team not for rabbit holes or “unhackable” but does it have a flow, is it stable, are the steps logical to follow. Just gotta look a little harder and try different things. Never rely on a single tool for your enumeration or cracking.

THIS! :smiley:

So for those interested m0noc’s blog is located: blog.m0noc.com

He said he hasn’t updated it in a while but I’m hoping he will start back up soon.

@incidrthreat The blog is a .com site. http://blog.m0noc.com/

For those that can read files, did you first have to get the username and password?

@tigr8787 said:
@incidrthreat The blog is a .com site. http://blog.m0noc.com/

Fixed. Thanks!

@genxweb said:
For those that can read files, did you first have to get the username and password?

not needed

@w31rd0 said:

@genxweb said:
For those that can read files, did you first have to get the username and password?

not needed

Thanks. I think I found the proper path. I found two interesting things and right now I’m getting the 500 without my suite, trying to determine the proper syntax

I need a little help getting an initial foot in to the box… can anyone please PM me? I want to know that I’m on the right track