Oouch

@zaBogdan said:

This was a ■■■■ of a ride. Even though I didn't get root yet, I will try to give you some hints (only for the user part).

  • Try a bunch of wordlists. The default ones might not reveal the whole truth.
  • Any in particular you recommend? Will big.txt be enough?

    Super fun so far, I love boxes like this!

    Got the o–th login working, played with the c— tok—, but haven't gotten any real juice yet. I'm down to compare notes with anyone that is stuck.

    Any hint for a low-level shell? I was able to create a user account and access the web pages on 5***, but I'm not getting any useful info from it. Any help would be appreciated.

    Need help please. I created an account on port 5***, decoded the session, changed the user to 1, encoded it and replaced the old session with the new one, but nothing!?? Any hint please. How to encode it with a key or … thanks

    Rooted! :smiley: The user part stretched my limits on modern web apps and authentication schemes. The root part was pretty straight forward, but still pretty fun.

    Nice box @qtc. You can always tell how much time and effort you put into these. It is appreciated.

    Rooted. Thanks again for the great box @qtc

    hostname
    oouch
    id
    uid=0(root) gid=0(root) groups=0(root)
    

    What a ride! Thank you for the nudges along the way. Probably the most educational box for me so far.

    Any nudges on how to use the Contact form? I don’t know how to write the message to connect it to my profile

    Hi, do I need to brute-force Flask?

    Just got user. Respect to @zaBogdan for the help. Initial enum is really important.
    For root, I do understand what should be exploited.
    Seems like another user is needed to send meaningful messages.
    Should I find an RE on the wb s****r?
    Thanks for any nudge!

    @cotonne said:

    Just got user. Respect to @zaBogdan for the help. Initial enum is really important.
    For root, I do understand what should be exploited.
    Seems like another user is needed to send meaningful messages.
    Should I find an RE on the wb s****r?
    Thanks for any nudge!

    Oh! I missed something obvious… ><

    Rooted.

    In my opinion this box could be considered insane. Thank you @qtc your skills are really impressive.

    User hint: Enumeration and understanding the logic behind the applications. Anyway, my real hint is to study everything you’ll find (if you haven’t seen it already) to get to the solution.

    Root hint: Enumeration. In my opinion it’s an insane machine, and you have to try hard. Look at what’s going on in the processes, understand how the applications communicate, and find a way to execute commands from one side to the other. Use google even this time.

    Anyone want to help me move forward on this? I have the thing, but all it seems to do is disconnect my other guy? Any tips??

    @Chr0x6eOs said:

    I see a possible vuln, but the WAF does not seem to like my attempts at all…

    Got a response… Now trying to get something useful…

    I only got a response once. After that nothing. So my plan of connecting to another account is still stuck.

    This behavior is worse than the bank robber machine.

    Any hint for this?

    Spoiler Removed

    @bertalting said:

    Anyone following the HackerOne article?

    which one?

    Woooh! What a ride! Fantastic box!
    Thanks to the author.
    For root: the hint is in front of you as long as you can become user :slight_smile:
    See you!

    Just got user :smiley:
    I really love the real-world relevance to this part - onwards to root!

    Anybody willing to give me a nudge on foothold?

    I believe I know what technologies are at play and I know what the name of the box is referring to. I even tried a promising exploit on the co***ct page regarding the name of the box but it didn’t work.

    Would appreciate a nudge!

    Shouldn't I be able to log in somewhere as my customer account using the connected auth account? If you're willing to clarify how things work in this machine, I can PM my steps.