Oouch

Spoiler Removed

Type your comment> @bertalting said:

any one following the hackerone article ?

which one?

Woooh! What a ride! Fantastic box!
Thanks to the author.
For root: the hint is in front of you as long as you can become user :slight_smile:
See you!

Just got user :smiley:
I really love the real-world relevance to this part - onwards to root!

Anybody willing to give me a nudge on foothold?

I believe I know what technologies are at play and I know what the name of the box is referring to. I even tried a promising exploit on the co***ct page regarding the name of the box but it didn’t work.

Would appreciate a nudge!

Should not i be able to login somewhere as my customer account using connected auth account? If you willing to clarify how things work in this machine, i can pm my steps.

Thanks, @qtc :smiley: Road to root was enjoyably frustrating and learned alot! My favourite box so far :smiley:

rooted.
This box is incredibly amazing but is definitely not a hard box, is fucking insane and complex.
Very good and hard work behind, @qtc (and try if possible to re-rate this box to 50 points please xD)

Rooted … But man what a frustrating box. Honestly whoever ranked this box “Hard” was not thinking straight. Just to get user requires you to learn every unrealistic attack on OA*** there is. And there is a guessing part, which shouldn’t be a thing.
There are many stability issues on the website that I ran into a lot. I wish there were more “helpful hints” along the way. It made the learning experience not enjoyable.

OFF: “Type your comment” - forum engine seems to be a little bit strange, never touched the “Post comment” button, but sometimes just browsing the forum posts the default “Type your comment” message here. idk, why… :slight_smile:

Rooted. Special thanks goes to @seekorswim and @lorenzooo, for nudging me to the right path. I can’t belief I got stuck on something so obvious in retrospect. Great box, user part very clean, root part very dirty, haha.

I thought it was very difficult, but it gave me a good lesson in staying zen and perseverance.

I am buried in the privesc on this box. (I think I agree with @Lorenzooo - it feels like an insane box).

I am trying to get a python2 exploit to run in a python3 environment but failing drastically.

Has anyone else managed this or have I gone barking up the wrong tree?

Rooted
It was a great journey.

this box is not hard It is absolutely INSANE. Thanks to @qtc for great box
pm for hints.

Hi all; am now on the “admin” page and have quite some new information; I think I know in general what I would like/need to do next but I cant put the pieces in place yet. some nudge in the right direction would be highly appreciated. pm for hints. thanx

So I cleared my previous hurdle thanks to @hatsat32 - the primary lesson is to not rely on tools to convert. Yes I am an idiot.

Rooted! Root is not so hard but user is interesting and nice. Thanks for supporting @onurshin and @seekorswim.

Rooted. Thank you @qtc for an awesome ride of ups and downs :smiley: Really enjoyed that box and learned a ton from it :slight_smile:

whoami

root

id

uid=0(root) gid=0(root) groups=0(root)
Great Box ! Enjoyed it & definitely learned a lot from it !

Finally rooted; great box! Enjoyed user part most and learned a lot new stuff with user and root; thanks @qtc

WTF!!!

Rooted, this machine was very fucking painfull

my hints:

user: try to understand every single request about web apps. Enum without extensions (I hope you know why). Try to understand how the apps are generating the access. Practice with more than one user. When you get it, send the url with the form that could has communication with admin. Remember close session and get in again. Start again to find more paths over apps. At this point try to get some research about oh on d*o and verify what request you can do. This part take me too much time. Put attention on response headers and get too much fuzzing over apps

Root: this was pretty hard. The vector escalation was based just verifying process.

I hope that I didn’t spoil nothing

My total admiration for QTC. THX