Awesome write up - again. You’ve explained Oauth better than I ever could.
I found this one of the hardest boxes on HTB but you’ve put together an easy to follow path.
Some differences in approach (and I am not saying mine is better) but I found the IP address for docker with: p s -a u x (oddly it seems I’ve had to add spaces to stop this being blocked…)
It also looks like the actual address seemed to change between reboots but I never fully confirmed this. (Once it was .2 once it was .5 as far as I can see in my notes).
Also you seem to have got the exploit working easier than I did. I had to run 2to3 then
modify import bytes to from builtins import bytes to get it working.
Lastly - awesome explanation of the D-BUS attack. That nearly broke me!