Oouch

Type your comment> @tomiashari said:

I’m in aeb4525789d8 and getting error ModuleNotFoundError: No module named 'bytes' when try to exploit. Is there another payload? :frowning:

you need to modify the exploit accordingly, i am not getting any error but still unable to get the www-data shell

@Xaro002 said:

I have got the user and i have also find the exploit to the root as well.
But i am stuck in exploiting the payload either its a command format issue as i not getting the www-data in my listener. Any hints??

Chances are good that you’ve got a slight error in one of the switches.

Hi,I need a bit of help with the last bit of this box,I am www-data and need a bit of help understanding the last exploit,anyone willing to clear up the mist please hit me up…

Type your comment> @lesleybw said:

Hi,I need a bit of help with the last bit of this box,I am www-data and need a bit of help understanding the last exploit,anyone willing to clear up the mist please hit me up…

ROOTED!!!

Got user! :smiley: Woow, evil machine! (a bit unstable, also…)

May I ask someone to share how you got to read the “D******ts” contents?
I read it after connecting the profiles, but after a reset I never been able to replicate that stuff, so I wonder how did I get it in the first place…

Anyway, thanks @qtc for the great learning opportunity about o****h

Rooted as well, if there is one hint that worth giving on this box i’ll share it from one post above from @dr0ptpkt .

“Do your initial research. This box is meant to get us outside our comfort zone and force us to learn about stuff that we would never otherwise learn naturally.”

PS: root is easier than getting user on my side.

Big thanks to @qtc.

Can someone give me a nudge on escalating to root the CVE sends the payload but im not getting a shell back.

Finally rooted!!

root@oouch:/root# id
id
uid=0(root) gid=0(root) groups=0(root)

Thanks @luca76 for that last part :smiley:

Rooted
thanks to @camnbear and @3l33t for there help with this one

Type your comment> @zero87 said:

Rooted
thanks to @camnbear and @3l33t for there help with this one

Your’e welcome and Cheers bro

whoami && id
root
uid=0(root) gid=0(root) groups=0(root)
root@oouch:/root# 

I want a nice sleep right now :smiley:

Can someone please give me a nudge on c*****t page? I’m pasting what I’m supposed to in there, and I’m pretty sure the ‘click’ is happening because if I paste my local dev server url, I get a request.

But then when I proceed to the next step, it’s just my accounts that are linked…

Hey guys, I’d appreciate a little nudge. I have access to the admin page and found a way to r******* my app. I can now access some additional resources and have a pretty good idea what to do with them, but I can’t figure out the mechanics. Please PM me if you’re willing to help. I can provide details on what I’ve tried so far. Thanks :slight_smile:

the user parts drive me insane. it so ■■■■ hard but now i understand more about CF and SF attack.

User was good. Had trouble getting the token using repeater, had to use curl instead. Getting root drove me insane. I need work on enumerating and Priv Esc. Great machine.

What can I say?

OUCH

root@oouch:/root# id
id
uid=0(root) gid=0(root) groups=0(root)
Thanks for the wonderful machine @qtc

What a machine? A wonderful journey upto root.
For User: Documentations are your friends.
For Lateral Movement: It is possible that a whale and a spider can be friends.
For Root: The one you tried in lateral movement will work now.

Always happy to help. PM for only hints.

root@oouch:~# whoami && id && hostname && wc root.txt
root
uid=0(root) gid=0(root) groups=0(root)
oouch
1 1 33 root.txt
root@oouch:~#

this machine is not hard but it’s REALLY INSANE. rooted :slight_smile:

Wow, that box was badass. Thank you @qtc cost me some nerve :wink:

Insane

Absolutely insane, thanks @qtc.