Oouch

Anyone want to help me move forward on this? I have the thing, but all it seems to do is disconnect my other guy? Any tips??

Type your comment> @Chr0x6eOs said:

I see a possible vuln, but the WAF does not seem to like my attempts at all…

Got a response… Now trying to get something useful…

I only got a response once. After that, nothing. So my plan of connecting to another account is still stuck.

This behavior is worse than bank robber machine.

Any hint for this?

Spoiler Removed

Type your comment> @bertalting said:

Anyone following the HackerOne article?

Which one?

Woooh! What a ride! Fantastic box!
Thanks to the author.
For root: the hint is in front of you as long as you can become user :slight_smile:
See you!

Just got user :smiley:
I really love the real-world relevance to this part - onwards to root!

Anybody willing to give me a nudge on foothold?

I believe I know what technologies are at play and I know what the name of the box is referring to. I even tried a promising exploit on the co***ct page regarding the name of the box but it didn’t work.

Would appreciate a nudge!

Shouldn't I be able to log in somewhere as my customer account using the connected auth account? If you are willing to clarify how things work on this machine, I can PM my steps.

Thanks, @qtc :smiley: Road to root was enjoyably frustrating and I learned a lot! My favourite box so far :smiley:

Rooted.
This box is incredibly amazing but is definitely not a hard box, it is fucking insane and complex.
Very good and hard work behind it, @qtc (and try if possible to re-rate this box to 50 points please xD)

Rooted … But man what a frustrating box. Honestly whoever ranked this box “Hard” was not thinking straight. Just to get user requires you to learn every unrealistic attack on OA*** there is. And there is a guessing part, which shouldn’t be a thing.
There are many stability issues on the website that I ran into a lot. I wish there were more “helpful hints” along the way. It made the learning experience not enjoyable.

OFF: “Type your comment” - forum engine seems to be a little bit strange, never touched the “Post comment” button, but sometimes just browsing the forum posts the default “Type your comment” message here. idk, why… :slight_smile:

Rooted. Special thanks goes to @seekorswim and @lorenzooo, for nudging me to the right path. I can’t believe I got stuck on something so obvious in retrospect. Great box, user part very clean, root part very dirty, haha.

I thought it was very difficult, but it gave me a good lesson in staying zen and perseverance.

I am buried in the privesc on this box. (I think I agree with @Lorenzooo - it feels like an insane box).

I am trying to get a python2 exploit to run in a python3 environment but failing drastically.

Has anyone else managed this or have I gone barking up the wrong tree?

Rooted
It was a great journey.

This box is not hard, it is absolutely INSANE. Thanks to @qtc for a great box.
PM for hints.

Hi all; I am now on the “admin” page and have quite some new information; I think I know in general what I would like/need to do next but I can’t put the pieces in place yet. Some nudge in the right direction would be highly appreciated. PM for hints. Thanx

So I cleared my previous hurdle thanks to @hatsat32 - the primary lesson is to not rely on tools to convert. Yes I am an idiot.

Rooted! Root is not so hard but user is interesting and nice. Thanks for supporting @onurshin and @seekorswim.

Rooted. Thank you @qtc for an awesome ride of ups and downs :smiley: Really enjoyed that box and learned a ton from it :slight_smile:

whoami

root

id

uid=0(root) gid=0(root) groups=0(root)
Great Box ! Enjoyed it & definitely learned a lot from it !