Oouch

rooted.
This box is incredibly amazing but is definitely not a hard box; it is fucking insane and complex.
Very good and hard work behind it, @qtc (and try if possible to re-rate this box to 50 points please xD)

Rooted … But man what a frustrating box. Honestly whoever ranked this box “Hard” was not thinking straight. Just to get user requires you to learn every unrealistic attack on OA*** there is. And there is a guessing part, which shouldn’t be a thing.
There are many stability issues on the website that I ran into a lot. I wish there were more “helpful hints” along the way. It made the learning experience not enjoyable.

OFF: “Type your comment” - forum engine seems to be a little bit strange, never touched the “Post comment” button, but sometimes just browsing the forum posts the default “Type your comment” message here. idk, why… :slight_smile:

Rooted. Special thanks go to @seekorswim and @lorenzooo, for nudging me to the right path. I can’t believe I got stuck on something so obvious in retrospect. Great box, user part very clean, root part very dirty, haha.

I thought it was very difficult, but it gave me a good lesson in staying zen and perseverance.

I am buried in the privesc on this box. (I think I agree with @Lorenzooo - it feels like an insane box).

I am trying to get a python2 exploit to run in a python3 environment but failing drastically.

Has anyone else managed this or have I gone barking up the wrong tree?

Rooted
It was a great journey.

This box is not hard. It is absolutely INSANE. Thanks to @qtc for a great box.
PM for hints.

Hi all; am now on the “admin” page and have quite some new information; I think I know in general what I would like/need to do next but I can’t put the pieces in place yet. Some nudge in the right direction would be highly appreciated. PM for hints. Thanx

So I cleared my previous hurdle thanks to @hatsat32 - the primary lesson is to not rely on tools to convert. Yes I am an idiot.

Rooted! Root is not so hard but user is interesting and nice. Thanks for supporting @onurshin and @seekorswim.

Rooted. Thank you @qtc for an awesome ride of ups and downs :smiley: Really enjoyed that box and learned a ton from it :slight_smile:

whoami

root

id

uid=0(root) gid=0(root) groups=0(root)
Great Box ! Enjoyed it & definitely learned a lot from it !

Finally rooted; great box! Enjoyed user part most and learned a lot of new stuff with user and root; thanks @qtc

WTF!!!

Rooted, this machine was very fucking painful

my hints:

User: try to understand every single request about web apps. Enum without extensions (I hope you know why). Try to understand how the apps are generating the access. Practice with more than one user. When you get it, send the URL with the form that could have communication with admin. Remember to close the session and get in again. Start again to find more paths over apps. At this point try to do some research about oh on d*o and verify what requests you can do. This part took me too much time. Pay attention to response headers and do a lot of fuzzing over apps.

Root: this was pretty hard. The escalation vector was based just on verifying process.

I hope that I didn’t spoil anything

My total admiration for QTC. THX

Can anyone drop me a hint on foothold? Only thing interesting I’ve seen so far is “Hacking Attempt Detected” on /c****** page lol. Got info about tech stack from low port…

Edit: Wasn’t using enough wordlists for initial enum, found interesting endpoint o****. Still could use a nudge though :neutral:

anyone to help with o**** endpoint ?

Rooted! I really liked the box. It’s incredibly well thought out, but it’s also a pain in the ■■■.
I think that an insane rating would be better, as others say.

Massive thanks to @qtc for this great box.
Also for @Chr0x6eOs for his great help!

If someone needs a nudge, please clearly describe the phase you are in.
You can pm me.

Big thanks to all, who share their knowledge with other people!
root@oouch:~#

Finally rooted. I love the initial part.
PM me for hints if stuck

Am I the only one who cannot get a connection back from the c*****t page?

I still haven’t found any foothold.
Can anyone help me?