14 changes: 7 additions & 7 deletions misc posts not released yet/2020-08-01-Oouch.md
Expand Up @@ -127,7 +127,7 @@ We move on from `ftp` and head over to the website to take a look there.

## Port 8000

After heading over to port 8000 in the web browser we are greeted with a 400 error so we move on to the next port(although we will come back to this later).
After heading over to port 8000 in the web browser we are greeted with a 400 error so we move on to the next port (although we will come back to this later).

![img-1](https://i.ibb.co/JqLLXc3/oouch-port-8000.png)

Expand All @@ -142,9 +142,9 @@ I register with the credentials:
- email field@gmail.com
- password: 123

Theese can be anything that you like as long as you remember them.
These can be anything that you like as long as you remember them.

We then go back to the login section and relogin again with the account that we just made.
We then go back to the login section and login again with the account that we just made.

After looking at all the pages we dont notice anything interesting apart from the `/contact` page that we could get a possible xss or ssrf exploit on that but we will leave that for now.
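
Review bot: In the changed line "login again with the account that we just made", "login" is used as a verb and should be "log in" (the noun form in "the login section" earlier in the same sentence is fine). The unchanged context in this hunk still has "dont" for "don't" and lowercase "xss or ssrf", and the list entry "- email field@gmail.com" has no colon while "- password: 123" does. Since this PR is a typo pass, consider fixing those here as well.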

Expand Down Expand Up @@ -182,11 +182,11 @@ After running a directory scan with gobuster we notice the directory `oauth` whi

After visiting this we can see that it seems to be a sort of link portal to the other domains.

We can see it wants us to visit `consumer.oouch.htb` and when clicking on the top link we get a redirect to `authorization.oouch.htb`, Now the ftp note makes sense,
We can see it wants us to visit `consumer.oouch.htb` and when clicking on the top link we get a redirect to `authorization.oouch.htb`, now the ftp note makes sense,

the `consumer.oouch.htb` subdomain is running `Flask` and the `authorization.oouch.htb` subdomain is running the `Django` framework.

We add both of theese to our `/etc/hosts` file and click on both the links to enumerate further.
We add both of these to our `/etc/hosts` file and click on both the links to enumerate further.

## Exploiting the oauth

Expand Down Expand Up @@ -218,7 +218,7 @@ Cookie: csrftoken=Stunn36IKtj5gIp3ZcBrYaztEOiVXjVp2ouK9mmA8edRo9G5oteXl9VnYf19oH
Upgrade-Insecure-Requests: 1
```

We we have the parameter `client_id`, we forward this request aswell and we see a popup on the web browser asking us to authorize.
We we have the parameter `client_id`, we forward this request as well and we see a popup on the web browser asking us to authorize.

We click on that and then forward the request once again.
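
Review bot: The new line still opens with the duplicated word in "We we have the parameter `client_id`"; only "aswell" was corrected. Suggest dropping the repeated "We" and splitting the sentence after `client_id`, so that forwarding the request and the authorize popup read as a separate step.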

Expand Down Expand Up @@ -261,7 +261,7 @@ Then we go back to `http://consumer.oouch.htb:5000/oauth/login` and we should se

We click authorize and it logs us in as `qtc`!

What we essentially did here was connect our own account with qtc,s account. You will see in the profile section that our own user is the one connected.
What we essentially did here was connect our own account with qtc's account. You will see in the profile section that our own user is the one connected.

![img-7](https://i.ibb.co/tJ6Mmsn/qtc-logg-in.png)
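
Review bot: With the apostrophe fixed, the two sentences on the "connect our own account with qtc's account" line still leave the direction of the link unclear: the first says our account is connected with qtc's, the second says "our own user is the one connected". Suggest stating explicitly which account ends up linked to which profile on `consumer.oouch.htb`, so the reader can follow why the login lands on `qtc`.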
