Oouch

User was good. Had trouble getting the token using repeater, had to use curl instead. Getting root drove me insane. I need work on enumerating and Priv Esc. Great machine.

What can I say?

OUCH

root@oouch:/root# id
id
uid=0(root) gid=0(root) groups=0(root)
Thanks for the wonderful machine @qtc

What a machine! A wonderful journey up to root.
For User: Documentation is your friend.
For Lateral Movement: It is possible that a whale and a spider can be friends.
For Root: The one you tried in lateral movement will work now.

Always happy to help. PM for only hints.

root@oouch:~# whoami && id && hostname && wc root.txt
root
uid=0(root) gid=0(root) groups=0(root)
oouch
1 1 33 root.txt
root@oouch:~#

This machine is not hard but it’s REALLY INSANE. Rooted :slight_smile:

Wow, that box was badass. Thank you @qtc, cost me some nerve :wink:

Insane

Absolutely insane, thanks @qtc.

Guys, I got the private key but I am getting invalid format.
Can anyone help at this point?

----Never mind, I got it

I’m doing WAPTX and there’s some O**** in it, so I thought I’d give that box a go. I’ve been trying to play around with the various requests and I think I know how to exploit it, but it doesn’t work and I’d like some guidance to at least know whether I’m trying to do the right thing or just hitting a wall…

So I’ve managed to get to the point where I can successfully get an ac**** t**** and execute /a**/g**_u***… is this a rabbit hole?

I can’t figure out how it would actually help me… not sure where to go from here :frowning:

Edit: Got User… wow, that was amazing. Awesome box so far.

Rooted. Wow. That was pretty insane.

So, my last comment was from June 2nd and I only rooted it lol…
I took a few breaks and did it in stages, and had to learn a lot on topics I didn’t know of, like the whale… even if eventually not much was needed.
Can’t wait to see the 8h walkthrough video for that one.

I’m a bit confused about how to set up the attack for initial access.

I know that there is a simulated user that “interacts” with what is passed into the c****** page. I can create a profile for myself on both the normal application and the hidden o**** application. Does the user do more than just click, is there a way I can trick it into performing a P*** request instead of just G**? Could someone DM me to nudge me in the right direction?

EDIT: Figured that part out…the normal flow must be “paused” and then finished by another
EDIT2: Finally have user…this box requires learning so much. Feel free to DM me for nudges up to that point :slight_smile:

I can’t access c**er.ooh.h*b; its server IP address could not be found.
Try:

Checking the proxy, firewall, and DNS configuration
Does anyone else have the same problem?

Rooted …
This machine was insane …
Feel free to get Nudges from me
Pm me for nudges

Does anyone have an idea why the SSH key of q doesn’t work?
I made the changes needed, and I’m still getting the error “Load key “id_rsa”: invalid format.”
Kind of frustrating…

@Caracal said:

Does anyone have an idea why the SSH key of q doesn’t work?
I made the changes needed, and I’m still getting the error “Load key “id_rsa”: invalid format.”
Kind of frustrating…

You have copy&paste errors. The key works.

@k4wld said:
@Caracal said:

Does anyone have an idea why the SSH key of q doesn’t work?
I made the changes needed, and I’m still getting the error “Load key “id_rsa”: invalid format.”
Kind of frustrating…

You have copy&paste errors. The key works.

Seems the text editor was the problem…
The SSH key worked like you said.

@aswathamasam said:

I can’t access c**er.ooh.h*b; its server IP address could not be found.
Try:

Checking the proxy, firewall, and DNS configuration
Does anyone else have the same problem?

HTB machines obviously are not in the DNS. What other way could you use to resolve a hostname to an IP address?

When I use a************.oouch.htb (The Simple and Secure…) I always get an error:
Please enter a correct username and password. Note that both fields may be case-sensitive.
Of course I created an account and I am sure my username and password are correct. There are often 500 server errors, but when I was registering the user it went alright. I wonder if I’m missing something or the machine is that unstable?

Rooted. Need hints? Msg me

Arrexel

First tell me your problem and if you like my help give +1

I always get an error:
db**[115]: arguments to db**_message_new_method_call() were incorrect, assertion "_db**check_is_valid**** ()" failed in file ././**/dbus/dbus-mssge.c line 1366.
This is normally a bug in some application using the D-Bus library.

D-Bus not built with -rdynamic so unable to print a backtrace
bash: [112: 3 (255)] tcsetattr: Inappropriate ioctl for device

Why, I was about to collapse in the last step.