Oouch

Type your comment> @zero87 said:

Rooted
thanks to @camnbear and @3l33t for there help with this one

Your’e welcome and Cheers bro

whoami && id
root
uid=0(root) gid=0(root) groups=0(root)
root@oouch:/root# 

I want a nice sleep right now :smiley:

Can someone please give me a nudge on c*****t page? I’m pasting what I’m supposed to in there, and I’m pretty sure the ‘click’ is happening because if I paste my local dev server url, I get a request.

But then when I proceed to the next step, it’s just my accounts that are linked…

Hey guys, I’d appreciate a little nudge. I have access to the admin page and found a way to r******* my app. I can now access some additional resources and have a pretty good idea what to do with them, but I can’t figure out the mechanics. Please PM me if you’re willing to help. I can provide details on what I’ve tried so far. Thanks :slight_smile:

the user parts drive me insane. it so ■■■■ hard but now i understand more about CF and SF attack.

User was good. Had trouble getting the token using repeater, had to use curl instead. Getting root drove me insane. I need work on enumerating and Priv Esc. Great machine.

What can I say?

OUCH

root@oouch:/root# id
id
uid=0(root) gid=0(root) groups=0(root)
Thanks for the wonderful machine @qtc

What a machine? A wonderful journey upto root.
For User: Documentations are your friends.
For Lateral Movement: It is possible that a whale and a spider can be friends.
For Root: The one you tried in lateral movement will work now.

Always happy to help. PM for only hints.

root@oouch:~# whoami && id && hostname && wc root.txt
root
uid=0(root) gid=0(root) groups=0(root)
oouch
1 1 33 root.txt
root@oouch:~#

this machine is not hard but it’s REALLY INSANE. rooted :slight_smile:

Wow, that box was badass. Thank you @qtc cost me some nerve :wink:

Insane

Absolutely insane, thanks @qtc.

Guys I got the private key but I am getting invalid format
Any one can help at this point?

----Never mind, I got it

I’m doing WAPTX and there’s some O**** in it, so i thought i’d give a go at that box. I’ve been trying to play around with the various requests and i think i know how to exploit it but it doesn’t work and i’d like some guidance to at least know whether i’m trying to do the right thing or just hitting a wall…

So I’ve managed to get to the point where I can successfully get an ac**** t**** and execute /a**/g**_u***… is this a rabbit hole?

I can’t figure out how it would actually help me… not sure where to go from here :frowning:

Edit: Got User… wow, that was amazing. Awesome box so far.

Rooted. Wow. That was pretty insane.

So, my last comment was from June2nd and i only rooted it lol…
I took a few breaks and did it in stages, and had to learn a lot on topics i didn’t know of, like the whale… even if eventually not much was needed.
Can’t wait to see the 8h walkthrough video for that one.

I’m a bit confused of how to set up the attack for initial access.

I know that there is a simulated user that “interacts” with what is passed into the c****** page. I can create a profile for myself on both the normal application and the hidden o**** application. Does the user do more than just click, is there a way I can trick it into performing a P*** request instead of just G**? Could someone DM me to nudge me in the right direction?

EDIT: Figured that part out…the normal flow must be “paused” and then finished by another
EDIT2: Finally have user…this box requires learning so much. Feel free to DM me for nudges up to that point :slight_smile:

i cant access to the c**er.ooh.h*b’s server IP address could not be found.
Try:

Checking the proxy, firewall, and DNS configuration
anyone also have same problem

Rooted …
This machine was insane …
Feel free to get Nudges from me
Pm me for nudges

Anyone has an idea why the SSH key of q doesn’t work ?
I made the changes needed, and still having an error “Load key “id_rsa”: invalid format.”
Kind of frustrating…

Type your comment> @Caracal said:

Anyone has an idea why the SSH key of q doesn’t work ?
I made the changes needed, and still having an error “Load key “id_rsa”: invalid format.”
Kind of frustrating…

You have copy&paste errors. The key works.