Haystack


Comments

  • I am stuck with the priv esc to root.
    Anyone can PM me with some hints/nudges?
    Nearly there I think.

  • @macha2230 said:

    I am stuck with the priv esc to root.
    Anyone can PM me with some hints/nudges?
    Nearly there I think.

    same boat...

  • edited July 2019

    I'm trying to escalate through root. I understood what to do. When I try to run .co** files, it's giving some errors. Also, I tried to add --ph.sengs argument. Need some nudges here..

    edit: got root! Forget the lines above. It is misdirection.

    Hack The Box

  • edited July 2019

    My advice to everyone for the root path:
    Check the configuration files related to that app you saw.

    fasetto

  • I have to admit I do not like CTF-ish machines at all.
    But this one is very well designed to make you work with the whole ELK stack.
    Thumbs up for JoyDragon, he did a great job for that.

    Here are my hints:

    • User: The picture gives you the key to control/find the needle in all the data you can gather.
    • root: Sense the version of things to get the banana. Then, enroll yourself in a commando to execute your will to the last element of the stack.

    I hope it helps :smile:

  • Just got root, this was my first box and I've spent about 20 hours on it.
    It was way harder than I anticipated at first. Learned a lot of new stuff, hope I'm more prepared for new challenges now since I was not really prepared for the "puzzle" part of this one.
    If you don't give up on this box you will eventually get it, this thread has a lot of info to tie it all together. GL!

  • @wish said:

    @Nick said:

    @wish said:

    I have found some B**k details and some q****s ....is this a right path ...how to use this info...

    I have the same question as you, any hints? Thanks

    nothing yet........

    Finally got user...........

  • I have no idea what to do once I get access to the initial user. How do I do a privesc to the k* user?

  • I just need a nudge to go from s* to k*. I looked at the R*M file, I ran the script, nothing.

  • @wish said:

    @wish said:

    @Nick said:

    @wish said:

    I have found some B**k details and some q****s ....is this a right path ...how to use this info...

    I have the same question as you, any hints? Thanks

    nothing yet........

    Finally got user...........

    Great job!!
    I'm still stuck in here, any hint for me? Thanks a lot

  • edited July 2019

    Hello guys :)
    Just started haystack.
    Could you tell me if the needle.img is connected with steganography? Do I need to use steganography tools to obtain some information from this picture?

    Edit: Ok, I found it :smile:
    Hint: use e.g. burp guys!

  • edited July 2019

    I found the p...: s******.i*.k** but it doesn't seem to work anywhere. I've tried some default users front door, didn't seem to work. Is it a rabbit hole or am I overthinking it? Hint pls x)
    EDIT: Okay, that was stupid of me. When you find the p... don't be excited and forget to see what else is there
    thanks @penturmeade for the Hint: "if you found the password, the user is very close by"

  • Eventually got the machine's root. It was a headache but very interesting. Learnt quite a few things along the way. :)

  • I'm having trouble performing privesc from the user account. I'm trying to run a js file uploaded to the machine using the LFI vuln. The response I get back from sending the GET request with CURL is a 400 Bad request. apis parameter is required. My query however does include an apis value. Did anyone else experience this?

  • @Xtrato Use quotes. curl 'url-here'

    fasetto

  • @fasetto said:
    @Xtrato Use quotes. curl 'url-here'

    I managed to get a shell once but right now the same command is doing nothing.

  • edited July 2019

    Can anyone give me a tip please?

    Trying to get root and I get 404 when trying to curl my exploit... does it have to be in a certain path?

  • @vGsec; You are missing something probably. DM if you want me to check your payload.

    fasetto

  • @vGsec said:
    > @fasetto said:
    > @Xtrato Use quotes. curl 'url-here'
    >
    > I managed to get a shell once but right now the same command is doing nothing.

    Try renaming it. Things only seem to work one time

  • @KeyboardCaper said:

    I managed to get a shell once but right now the same command is doing nothing.

    Try renaming it. Things only seem to work one time

    Hey would you mind DMing me, I'm super stuck trying to get the LFI to execute... just getting 404 or some error about a parameter....

  • @mofa28 said:

    User is awful. Root is nice

    I'm finding the exact opposite.

  • @aj8417 said:

    @mofa28 said:

    User is awful. Root is nice

    I'm finding the exact opposite.

    Same, user was pretty easy. Root. Spent 2 days banging head against wall trying to get LFI to work...

  • Stuck on the k****a user. I know I am supposed to do something with l******h, just not sure how or what to do. Any nudge would be awesome

  • Is there any exploit to become the k****a user? I found one exploit which is RCE which is not working.....

  • edited July 2019

    Those who are stuck at going banana, you need to look at a certain config file and see why the *F* exploit you are using is not working (it can only be run from a certain place, you already have the tool on the machine to do it) ;)

  • edited July 2019

    I have k******a, but I have a problem editing/making .c***
    Any hint?????

    curl: (52) Empty reply from server

    why???? does not work and others do not. for LFI

    rubenix

  • edited July 2019

    If anyone needs a nudge with user feel free to send a pm :smile:

  • Can some kind soul nudge me in the right direction on root? I can see the ki***a but can't figure out how to pivot to that user. Dunno, could be blind. Anyway, any hints would be greatly appreciated.

    S1ph1lys

    We are the things that were and shall be again

  • edited July 2019

    I think I'm really close to root... Can someone PM me to discuss?
    Edit: Nevermind, I got it! Feel free to PM me for help!

    PM me on Discord: t0thkr1s#0880

  • Hi, think I found what I need for root. Found something that looks like it link where I can write now. Can someone PM me to discuss?
