Haystack

1141517192023

Comments

  • so i finally figured out that i need to know ELK stack to figure out high port and im learning quite a bit about this db, but i cant seem to figure out the proper syntax to extract data..perhaps a little nudge to get me going in the right direction :)

  • Can someone PM me ? I need help.

  • Type your comment> @farbs said:
    > Type your comment> @adam12 said:
    >
    > @Uvemode search Gtihub. You'll find one.
    >
    >
    >
    >
    >
    > Depending on your syntax, you can actually do it all without the tool anyways.

    personally I did over 200 requests, I'm sure there was a more elegant way but once I figure the search syntax it was quicker to copy and paste than figure out another script if anyone wants to pm me the more elegant options or a reference to them then I'd love to hear it. Now if only I could get the CVE for the pivot to work have no idea why it's not working

    CurioCT

  • Guys, need help in moving from S******y user to K*****a user.. Pls PM me

  • Can anyone PM me for some hint about privesc? I have questions about elevating from s******* to k*****.

  • Got the user..after that am stuck, need help, DM me pls
  • edited August 2019

    rooted, user was not really intersting , however root was very fun

  • I am k***** and I can smell root... thanks everyone for hints and nudges.

  • edited August 2019

    hey folks,
    I need help from s***** to k***** please pm me.

    edit: got it... it looks like only the first trigger of the remote shell after a restart works..

  • edited August 2019

    Can someone DM, need help.

    Found the key and tried to use an e***********h CVE to set up a remote connection but the server doesnt reply. Found all the indices and I feel like I am querying them wrong

  • Struggling to get from s* to k*. I have read the config file, and I believe I understand where to run it from. But I keep getting curl(52) empty server. A nudge would be greatly appreciated!

  • Got root yesterday, but I'm wondering why it took the script muuuch longer then 10 segundos to be invoked. Please PM me in case you can tell me why.

  • edited August 2019

    think I am finally on the last stage

    found the three files

    1. pretty sure I create a file at /**/k*****/l*******_

    2. But this needs to be processed first right through "***k"?

    found the pages and the d******r am I close or down yet another rabbit hole on this one please?

    CurioCT

  • So im currently trying for the root flag.

    So my problem is the reverse shell. I've uploaded a shell and put it in /tmp/shell.js

    The IP is sat at myu tun0 ip and the port ist 8008. However, when visiting the CVE LFI url. The page just loads indefinietly and the shell never connects. Any tips on how to fix this issue?

  • Type your comment> @CurioCT said:

    think I am finally on the last stage

    found the three files

    1. pretty sure I create a file at /**/k*****/l*******_

    2. But this needs to be processed first right through "***k"?

    found the pages and the d******r am I close or down yet another rabbit hole on this one please?

    Well I figured it!!!!!!!!!!!! :)
    All i can say is F*****G FINALLY!!!!!!!!!!!! :smile: :smile: :smile:

    That's supposed to be an easy one? think I might be well out of my depth

    CurioCT

  • Struggling with user. I think I've got everything I need but the pieces don't seem to fit. If anyone feels like giving me a push, I'll happily share everything I've done so far. Was having fun for a bit and now it's just frustrating me because hints are like "use the needle" and I'm like ¯_(ツ)_/¯ .

  • have been able to find the "right needle". I am stuck though, don't know what to use as creds in the needle result and where to put them to get user.
    would really appreciate any specific nudges!

  • Is the rubberbandfind cve a rabbit hole? Please PM

    LordeDestro

  • Type your comment> @maru37 said:

    Struggling with user. I think I've got everything I need but the pieces don't seem to fit. If anyone feels like giving me a push, I'll happily share everything I've done so far. Was having fun for a bit and now it's just frustrating me because hints are like "use the needle" and I'm like ¯_(ツ)_/¯ .

    Did you progress? I think we both are in the same boat.

  • Been a way for a while, came back and gave haystack a go

    So everything up untill that very last step is fairly straight forward

    found 3 files, know exactly what to edit and where. but for groks sake i cant seem to get that last step working !

    Any hints on that would be appreciated !

    ZaphodBB

  • Feel free to PM me if you have questions

  • Figured it out. needed to catch up on my regex skills

    ZaphodBB

  • Rooted. PM me if you need hints. Thx @gluggers !

  • Rooted. Finally. Thanks a lot to all of you awesome people. :)

    User is quite easy.

    And IMO root is not that difficulty too if you know what to look for.
    The steps itself and what to do, is reading and executing, but to figure out what to look for was the hard part for me. But the hints in the forum helped much!

    If you need help. Feel free to PN me. :)

  • im tryng getting user...some hint ? also in private? i cant find something usefull mmh maybe i dont know how retrieve something from 9*** , any help?
    im pretty noob

  • hg8hg8
    edited August 2019

    Managed to get user faster than expected but couldn't get the hint for the 80 port. Can someone PM me out of curiosity ? Thanks

    EDIT: Nevermind I figured it out! PM me if you need tips on this 80 :)

  • edited August 2019
    Yay, rooted. Was quite fun in the end. Would never have got there without reading this thread, mind you.

    emilkloeden

  • Done; i've learned a lot. Thanks for the box!

  • edited August 2019

    Certainly have square eyes after hunting for the password for user. Found the username but absolutely stumped on the password, I feel I'm over complicating this. Can anyone PM me some tips :)

    EDIT: Huge thanks to @hg8 for helping me use my brain!

  • Rooted!
    The privesc was super fun and learned a lot about ELK stack. Thanks for the box.

    PM if you need little help :)

Sign In to comment.