Oouch

Hardest box I’ve ever done. Thanks @qtc!

Hi all… need some hint for priv-esc

@hard said:

Hi all… need some hint for priv-esc

Get into the right account to use the form of public transport to get the shell you need.

Hi all,
Finally rooted. Very hard box. If you need some help, you can ask me.

Thanks for the help @CHUCHO

I’m in aeb4525789d8 and getting the error ModuleNotFoundError: No module named 'bytes' when I try to exploit. Is there another payload? :frowning:

@tomiashari said:

I’m in aeb4525789d8 and getting the error ModuleNotFoundError: No module named 'bytes' when I try to exploit. Is there another payload? :frowning:

I don’t know, but you can fix this so the exploit works.

I have got the user and I have also found the exploit for root as well.
But I am stuck exploiting the payload; either it’s a command format issue, as I am not getting the www-data in my listener. Any hints??

@tomiashari said:

I’m in aeb4525789d8 and getting the error ModuleNotFoundError: No module named 'bytes' when I try to exploit. Is there another payload? :frowning:

You need to modify the exploit accordingly. I am not getting any error but am still unable to get the www-data shell.

@Xaro002 said:

I have got the user and I have also found the exploit for root as well.
But I am stuck exploiting the payload; either it’s a command format issue, as I am not getting the www-data in my listener. Any hints??

Chances are good that you’ve got a slight error in one of the switches.

Hi, I need a bit of help with the last bit of this box. I am www-data and need a bit of help understanding the last exploit. Anyone willing to clear up the mist, please hit me up…

@lesleybw said:

Hi, I need a bit of help with the last bit of this box. I am www-data and need a bit of help understanding the last exploit. Anyone willing to clear up the mist, please hit me up…

ROOTED!!!

Got user! :smiley: Woow, evil machine! (a bit unstable, also…)

May I ask someone to share how you got to read the “D******ts” contents?
I read it after connecting the profiles, but after a reset I have never been able to replicate that stuff, so I wonder how I got it in the first place…

Anyway, thanks @qtc for the great learning opportunity about o****h

Rooted as well. If there is one hint that is worth giving on this box, I’ll share it from one post above from @dr0ptpkt.

“Do your initial research. This box is meant to get us outside our comfort zone and force us to learn about stuff that we would never otherwise learn naturally.”

PS: root is easier than getting user on my side.

Big thanks to @qtc.

Can someone give me a nudge on escalating to root? The CVE sends the payload but I’m not getting a shell back.

Finally rooted!!

root@oouch:/root# id
id
uid=0(root) gid=0(root) groups=0(root)

Thanks @luca76 for that last part :smiley:

Rooted
Thanks to @camnbear and @3l33t for their help with this one

@zero87 said:

Rooted
Thanks to @camnbear and @3l33t for their help with this one

You’re welcome and cheers bro

whoami && id
root
uid=0(root) gid=0(root) groups=0(root)
root@oouch:/root# 

I want a nice sleep right now :smiley:

Can someone please give me a nudge on c*****t page? I’m pasting what I’m supposed to in there, and I’m pretty sure the ‘click’ is happening because if I paste my local dev server url, I get a request.

But then when I proceed to the next step, it’s just my accounts that are linked…

Hey guys, I’d appreciate a little nudge. I have access to the admin page and found a way to r******* my app. I can now access some additional resources and have a pretty good idea what to do with them, but I can’t figure out the mechanics. Please PM me if you’re willing to help. I can provide details on what I’ve tried so far. Thanks :slight_smile: