Haystack

191012141523

Comments

  • edited July 2019

    Finally got user.. Hunting for root

    Edit: Rooted.. PM me if you need help


    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/22274

  • Allllright stuck yet again.

    Finally got Kibana. Now I'm completely lost. Any pointers at all would great.

  • any ideas on why i am getting "error 52 empty reply from server" after i curl anything after apis=

    asked so many people and simply cannot work out what i am doing wrong

  • Type your comment> @dalemazza said:

    any ideas on why i am getting "error 52 empty reply from server" after i curl anything after apis=

    asked so many people and simply cannot work out what i am doing wrong

    use quotes >> curl " http://som.url"

  • Type your comment> @smaxs said:

    Type your comment> @dalemazza said:

    any ideas on why i am getting "error 52 empty reply from server" after i curl anything after apis=

    asked so many people and simply cannot work out what i am doing wrong

    use quotes >> curl " http://som.url"

    got the same error. i even swapped servers.

  • Type your comment> @dalemazza said:

    Type your comment> @smaxs said:

    Type your comment> @dalemazza said:

    any ideas on why i am getting "error 52 empty reply from server" after i curl anything after apis=

    asked so many people and simply cannot work out what i am doing wrong

    use quotes >> curl " http://som.url"

    got the same error. i even swapped servers.

    An empty response which comes immedietly, may mean that something has connected to your nc. Have you tried a command in that box?

    Also, it seemed to be a little like, once the exploit had been used, it's unusable for the next person to come. I had that issue when i accidently closed my shell..

    Running for OSCP

  • i'm root! tke to @thegoatreich for hint about rename file! and @k0zur3 for hint about root!!!!

  • Finally got root. I really enjoyed this one. It would have taken me way longer if the forum here hadn't suggested to go from s* user to k* user before heading to root. There seems to be some amazing minds here on htb.

    Arrexel
    eJPT

  • user was easy stuck on root .

  • A tip that will save you from trouble and resets:

    When you have ran the exploit, you can still use it again. However you can't use it with the same path. Change its name and its still usable.

  • edited July 2019

    can anyone help me with k****a , I am facing problem executing the J*** sh***

  • edited July 2019

    see below

    Please send respect if I helped you out
    Discord: east_west#9811

  • edited July 2019

    Hey guys, I'm on the very last step. I can't get g**k to work for me to save my life. Can anyone help me out via PM or something? I would appreciate it a lot.

    EDIT: Got it with some help from @jfx41 .

    User: Learn how to work with E in ELK.
    Root: It really is all about the g**k filter. It has to be right or nothing will work. Learn exactly what it wants.

  • edited July 2019

    If you're stuck on getting user just make sure you properly decrypt the base64... I was being silly

    Please send respect if I helped you out
    Discord: east_west#9811

  • edited July 2019

    Hmm, trying to esc from user to K****a user but invoking the c**l command returns the unknown parameter error. What am I getting wrong?

    UPDATE - fixed it. Now to deal with the 'Empty Reply from Server' message.

  • After user, and working on root, but got a step up, not root. Do I just keep doing PriveEsc for root from here now? More enumeration?

  • Enjoyed the box! Having a good read about the ELK stack does make your life much easier, so you can understand how the various pieces come together. If you do this (and have performed sufficient enumeration earlier) you'll know exactly where to look to escalate further.

    @PanamaEd117 : Yeah enumerate more, as you'll have a different set of permissions now that you have a different user.

  • Its finally done, god damn this box! This box is kinda frustrating but was a good challenge.

    user: knowing a bit of spanish helps, use google translate if you can't understand it, pay close attention to the image, it holds secrets, learn to work with the things running on the higher port, so you can get to lower one.

    root: this is hell, you have to become another user, there is a cve for that, and once you become another user you need to read l******* configs so you understand how it works, then you need to trigger your files to get root.

    Good luck

  • Fighting for root......

  • edited July 2019

    Stuck on the user due the wrong syntax
    Stuck on the root due the wrong syntax
    Lol, that's a shame.

    Got it finally, root seems to be the easiest and most obvious part.

    Hints:
    User - never thought that Spanish needle is somehow different from English one

    Root -
    1. Double jump works.
    If you feel that you are on the right way but still can not find a path - use quotes.
    2. Enumeration and RTFM, do not overcomplicate the things

    ekka
    Making my way from newbie to pro

  • I am stuck at user, can anyone pm me please.

  • I would not consider this an easy machine. Root was not that easy. Needed to read up on some stuff to get there. I learned some stuff, so I am happy though :)

    Hack The Box

  • Just got user. Enjoyed that. Different from other boxes I played, but nonetheless enjoyable once I got a feel for it. looking forward to having a crack at root tomorrow.

    I like helping people. It helps me to clarify what I've learned from what I've done. If you message me for help please give as much detail as possible. Specifically: what you've tried, why you think it's not working and what you think you should try next. If you find me helpful I appreciate a respect vote.

    kaosneverdied

  • Figured out what to do for root... but i can't get the E******r c*****o to do anything. Need some guidance. PM?

  • Can't figure out for proper modification file and re run it :) May someone help mi with this one? :) ROOT stage!

  • that box made me angry

    Rooted but you will doubt yourself without the tip from the forum that you have to rename the file completely after using it once, doesn't matter if it ran or not.

  • Can someone PM me regarding root? I have k***** user and I know it has to do with g*** of l**s****. I'm having trouble getting the patterns to match on the debug site.

    slimz28

  • AklAkl
    edited July 2019

    Stuck on user :(
    I feel like I am doing something wrong with c**l, I can't get the needle.

    Got user, thanks @k10xima for the hint.

  • so stuck on root. got passed the cve. but have no clue what I am looking for. reading about privesc for linux now.

  • edited July 2019

    Tips for root: RTFM, spanish is (again) key, for each try rename your files in ***/k*****

Sign In to comment.