I'm stuck on last part to get root. Found the three f*****.cf , i****.cf, o*****.c**f files but don't know how to use them to get the root shell. Please Help!
Edit: Got root! Do not overthink just follow what the grok is asking you!
Took 8 hours from user to root, mostly because the initial privesc exploit before root seemed to randomly work at times and not work at other times for reasons I still can't figure out.
I'm K***** now and need help with the next step. I see the 3 files, and I think I know what to do but L******* keeps giving me errors. Can someone DM me and give me a nudge?
EDIT: Got root. Thanks to @wail99 for helping me out! Happy to help anyone who's stuck.
I got all the way to the g**k part and I've been stuck here for about 8 hours straight. I need to sleep now. been working on this machine for 14 hours.
DM me. I'll get back to you when I crawl out of bed later today. Bummed that I'm struggling so much with this one.
Also -- if you're having trouble getting up to the point where I am, I'll do my best to help out if you DM me.
If you get stuck on getting K****** and the obviouse privesc doesn't work make sure you use /tmp rather /home for your scripts.
With G***k part keep it simple, one simple line is all you need.
Rooted, But I don't know who rate this as easy box, I felt it like hard one with Spanish language. but anyway learn lot of things about ELK, and the most good part was ssh redirection:
[[email protected] ~]# id
id
uid=0(root) gid=0(root) grupos=0(root) contexto=system_u:system_r:unconfined_service_t:s0
[[email protected] ~]#
kibana running only localhost so you need to find away to redirect the connection to get access to localhost, after that have shell in somewhere and user this CVE url.
Im still stuck after 4 hours trying to get a remote shell as k*****. I've tried playing around with the POC but cant get the shell. If anyone could PM me with any hints to make it work I would very much appreciate it!
can someone pm a hint for user. I was able to get i**** dump but no idea what to search for. I feel like I am overthinking / missing something about the needle...
edit: got user thanks to tip for port 80
edit2: anyone dm me for hints on getting into k**** I found the CVE with the tips but just not able to get it to trigger . NVM was totally overthinking it...
Am stuck on pivoting to k***** user - pretty sure I am executing the L** from the right place with right syntax - no result :-( Would appreciate a DM with some pointers ..
Comments
Finally rooted! Thanks to @minimal0 for help.
It should not an easy box
I'm stuck at se*****y user, found the CVE, but I receive this when I try:
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],
Any hint?
Finally got root. I learned a lot on this one. I wasn't even aware of the E** stack before starting this.
Help pls, I find “pass:” but which username is?
Edit: found
I'm stuck on last part to get root. Found the three f*****.cf , i****.cf, o*****.c**f files but don't know how to use them to get the root shell. Please Help!
Edit: Got root! Do not overthink just follow what the grok is asking you!
thanks @matthegrinch
finally rooted !! what a funny box
feel free to PM me for hints
Got the user.txt. I'm coming root.txt
Profile: https://www.hackthebox.eu/home/users/profile/68523
Took 8 hours from user to root, mostly because the initial privesc exploit before root seemed to randomly work at times and not work at other times for reasons I still can't figure out.
Rooted. Plenty of hints here.
If you PM, please include the steps you've already taken. Don't forget to hit the respect button!
I'm K***** now and need help with the next step. I see the 3 files, and I think I know what to do but L******* keeps giving me errors. Can someone DM me and give me a nudge?
EDIT: Got root. Thanks to @wail99 for helping me out! Happy to help anyone who's stuck.
Not so easy.
@badwolf gave some good advice. If your priv esc fails or you find you cant use it again. Change the path, it will save you from resetting.
USER: think about what the stack is. What could you possible search for given the tips.
ROOT: toughest part, GROK, RTFM!
Easy user. But I don't know what to do for root. I used some enumerating tools and nothing.
(っ˘̩╭╮˘̩)っplz help.
I got all the way to the g**k part and I've been stuck here for about 8 hours straight. I need to sleep now. been working on this machine for 14 hours.
DM me. I'll get back to you when I crawl out of bed later today. Bummed that I'm struggling so much with this one.
Also -- if you're having trouble getting up to the point where I am, I'll do my best to help out if you DM me.
If you get stuck on getting K****** and the obviouse privesc doesn't work make sure you use /tmp rather /home for your scripts.
With G***k part keep it simple, one simple line is all you need.
Rooted, But I don't know who rate this as easy box, I felt it like hard one with Spanish language. but anyway learn lot of things about ELK, and the most good part was ssh redirection:
[[email protected] ~]# id
id
uid=0(root) gid=0(root) grupos=0(root) contexto=system_u:system_r:unconfined_service_t:s0
[[email protected] ~]#
Try!ng Hard3r, N3v3r G!v3Up.
kibana running only localhost so you need to find away to redirect the connection to get access to localhost, after that have shell in somewhere and user this CVE url.
Try!ng Hard3r, N3v3r G!v3Up.
Im still stuck after 4 hours trying to get a remote shell as k*****. I've tried playing around with the POC but cant get the shell. If anyone could PM me with any hints to make it work I would very much appreciate it!
If I have been helpful, respect is always appreciated.
https://www.hackthebox.eu/home/users/profile/67581
I'm at the last part. L****** isnt doing its thing. Can someone pm me? Thanks
Rooted it, I think the box sometimes works funky.
I got b***** string in the image decrypt it i got 2 passwords no username now dont know what to do
PM me need help!
I'm stucked at k***** user and woking with L******h and i read the conf and i have no idea what to do. Please PM me. I'll respect for your help.
Live to Learn
⭐⭐⭐⭐⭐⭐

I have s***** user and i'm stuck now on getting this url thing
Programming, Anime, Vidya Games~!
not sure if its because i'm on free, but getting the k**** user seems to take a ton of retrying
Programming, Anime, Vidya Games~!
Rooted!!! If u get stuck DM me.
Live to Learn
⭐⭐⭐⭐⭐⭐

Hint for user: search something similar to msg from .jpg in all index data from :9200 Search until you find all parts.
Can someone point me on what to do as banana user? I can see this user running app, but it does not look like app contains something interesting.
I think i should warn you, comment:
answering question "what to do for (how to get) banana?" not "what to do as (in the role of) banana".
@dontknow Search for a documented CVE about banana.
Just got root, feel free to PM if you need help
That was a nice box ! User was tedious, but root was fun, learnt a ton of stuff.
Type your comment
can someone pm a hint for user. I was able to get i**** dump but no idea what to search for. I feel like I am overthinking / missing something about the needle...
edit: got user thanks to tip for port 80
edit2: anyone dm me for hints on getting into k**** I found the CVE with the tips but just not able to get it to trigger . NVM was totally overthinking it...
Am stuck on pivoting to k***** user - pretty sure I am executing the L** from the right place with right syntax - no result :-( Would appreciate a DM with some pointers ..