Oouch

Hi all; am now on the “admin” page and have quite some new information; I think I know in general what I would like/need to do next but I cant put the pieces in place yet. some nudge in the right direction would be highly appreciated. pm for hints. thanx

So I cleared my previous hurdle thanks to @hatsat32 - the primary lesson is to not rely on tools to convert. Yes I am an idiot.

Rooted! Root is not so hard but user is interesting and nice. Thanks for supporting @onurshin and @seekorswim.

Rooted. Thank you @qtc for an awesome ride of ups and downs :smiley: Really enjoyed that box and learned a ton from it :slight_smile:

whoami

root

id

uid=0(root) gid=0(root) groups=0(root)
Great Box ! Enjoyed it & definitely learned a lot from it !

Finally rooted; great box! Enjoyed user part most and learned a lot new stuff with user and root; thanks @qtc

WTF!!!

Rooted, this machine was very fucking painfull

my hints:

user: try to understand every single request about web apps. Enum without extensions (I hope you know why). Try to understand how the apps are generating the access. Practice with more than one user. When you get it, send the url with the form that could has communication with admin. Remember close session and get in again. Start again to find more paths over apps. At this point try to get some research about oh on d*o and verify what request you can do. This part take me too much time. Put attention on response headers and get too much fuzzing over apps

Root: this was pretty hard. The vector escalation was based just verifying process.

I hope that I didn’t spoil nothing

My total admiration for QTC. THX

Can anyone drop me a hint on foothold? Only thing interesting I’ve seen so far is “Hacking Attempt Detected” on /c****** page lol. Got info about tech stack from low port…

Edit: Wasn’t using enough wordlists for initial enum, found interesting endpoint o****. Still could use a nudge though :neutral:

anyone to help with o**** endpoint ?

Rooted! I really liked the box. It’s incredibly well thought out, but it’s also a pain in the ■■■.
I think that an insane rating would be better, as other say.

Massive thanks to @qtc for this great box.
Also for @Chr0x6eOs for his great help!

If someone need a nudge, please clearly describe the phase you are in.
You can pm me.

Big thanks to all, who share their knowledge with other people!
root@oouch:~#

finally rooted i love initial part
PM me for hints if stuck

Am I the only one who cannot get a connection back from the c*****t page?

I’m still not find any foothold
Anyone can help me?

# id
uid=1000(qtc) gid=1000(qtc) euid=0(root) groups=1000(qtc)

Big thanks to qtc for ruining 3 days of my life learning about o****. You more than made up for it on the journey to root which I thoroughly enjoyed.

Also #respekt to the many folks that nudged me along the path to user (you know who you are).

Hints:

For user… if you are like me you will want to rage quit- and that just when you do your initial research. This box is meant to get us outside our comfort zone and force us to learn about stuff that we would never otherwise learn naturally. Because of this, the web is now both safer and more dangerous. :wink:

For root… Basic enum and google search should get it.

God bless you all. ><>

Finally, I did it. Oh man, what a pure pain machine. First of all, thanks to @qtc for his support and the appropriate nudges at each moment and for creating this awesome machine. Also, @rawa gave me some ideas.

On the other hand, this is an insane fucking machine, you need to know about everything to get the flags. For me, the root part was too hard and very dirty. It was a ride on ■■■■-like.

These are my hints.

User:

  • The machine name is a hint about the initial protocol.
  • Examine each request and response in every step of the authorization process. Use tools for that.
  • There is one type of attack that you have to look for.
  • Don’t use the contact page as a way to connect back, this is an insane machine. It can’t be so easy.

Root:

  • Here starts the hard part.
  • Look for the processes that are running on the machine.
  • Discover how the infrastructure has been created and take a look around.
  • When you know where you are, take a look at the config files and the code.
  • Finally, do all the things manually. I didn’t discover anything on the Internet working here.

If you need help, ask for nudges.

Cheers

Spoiler Removed

Spoiler Removed

im in qtc@aeb4525789d8:~$

@xotichacker said:
im in qtc@aeb4525789d8:~$

That might be the problem.