• Finally rooted! Thanks to @minimal0 for help.

    It should not be an easy box :neutral:


  • edited August 2019

    I'm stuck at se*****y user, found the CVE, but I receive this when I try:

    {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],

    Any hint?

  • Finally got root. I learned a lot on this one. I wasn't even aware of the E** stack before starting this.

    Hack The Box

  • edited August 2019

    Help pls, I found “pass:” but which username is it?
    Edit: found

  • edited August 2019

    I'm stuck on the last part to get root. Found the three f*****.cf, i****.cf, o*****.c**f files but don't know how to use them to get the root shell. Please help!

    Edit: Got root! Do not overthink, just follow what the grok is asking you!

    thanks @matthegrinch

  • finally rooted !! what a funny box
    feel free to PM me for hints

  • Got the user.txt. I'm coming root.txt :)

  • Took 8 hours from user to root, mostly because the initial privesc exploit before root seemed to randomly work at times and not work at other times for reasons I still can't figure out.


  • Rooted. Plenty of hints here.

    If you PM, please include the steps you've already taken. Don't forget to hit the respect button!

  • edited September 2019

    I'm K***** now and need help with the next step. I see the 3 files, and I think I know what to do but L******* keeps giving me errors. Can someone DM me and give me a nudge?

    EDIT: Got root. Thanks to @wail99 for helping me out! Happy to help anyone who's stuck.


  • Not so easy.

    @badwolf gave some good advice. If your priv esc fails or you find you can't use it again, change the path; it will save you from resetting.

    USER: think about what the stack is. What could you possibly search for given the tips?
    ROOT: toughest part, GROK, RTFM!

  • Easy user. But I don't know what to do for root. I used some enumerating tools and nothing.

  • edited September 2019

    (っ˘̩╭╮˘̩)っplz help.

    I got all the way to the g**k part and I've been stuck here for about 8 hours straight. I need to sleep now. been working on this machine for 14 hours.

    DM me. I'll get back to you when I crawl out of bed later today. Bummed that I'm struggling so much with this one.

    Also -- if you're having trouble getting up to the point where I am, I'll do my best to help out if you DM me.

  • If you get stuck on getting K****** and the obvious privesc doesn't work, make sure you use /tmp rather than /home for your scripts.
    With the G***k part keep it simple, one simple line is all you need.

  • Rooted, but I don't know who rated this as an easy box; I felt it was like a hard one, with the Spanish language. But anyway, I learned a lot of things about ELK, and the best part was the SSH redirection:

    [[email protected] ~]# id
    uid=0(root) gid=0(root) grupos=0(root) contexto=system_u:system_r:unconfined_service_t:s0
    [[email protected] ~]#

    Try!ng Hard3r, N3v3r G!v3Up.

  • @ivnnn1 said:
    I'm stuck at se*****y user, found the CVE, but I receive this when I try:

    {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],

    Any hint?

    Kibana is running only on localhost, so you need to find a way to redirect the connection to get access to localhost; after that, have a shell somewhere and use this CVE URL.

    Try!ng Hard3r, N3v3r G!v3Up.

  • I'm still stuck after 4 hours trying to get a remote shell as k*****. I've tried playing around with the POC but can't get the shell. If anyone could PM me with any hints to make it work I would very much appreciate it!


    If I have been helpful, respect is always appreciated.

  • I'm at the last part. L****** isn't doing its thing. Can someone PM me? Thanks

  • Rooted it, I think the box sometimes works funky.

  • I got a b***** string in the image; decrypting it I got 2 passwords, no username. Now I don't know what to do.
    PM me, need help!

  • I'm stuck at the k***** user and working with L******h, and I read the conf and I have no idea what to do. Please PM me. I'll give respect for your help.

    Live to Learn

  • I have the s***** user and I'm stuck now on getting this URL thing

    Programming, Anime, Vidya Games~!


  • Not sure if it's because I'm on free, but getting the k**** user seems to take a ton of retrying

    Programming, Anime, Vidya Games~!


  • Rooted!!! If u get stuck DM me.

    Live to Learn

  • edited September 2019

    Hint for user: search for something similar to the msg from the .jpg in all index data from :9200. Search until you find all parts.

    Can someone point me on what to do as banana user? I can see this user running an app, but it does not look like the app contains anything interesting.

    I think I should warn you, comment:

    @dontknow Search for a documented CVE about banana.
    Just got root, feel free to PM if you need help

    answering question "what to do for (how to get) banana?" not "what to do as (in the role of) banana".

  • @dontknow Search for a documented CVE about banana.
    Just got root, feel free to PM if you need help

  • That was a nice box! User was tedious, but root was fun, learnt a ton of stuff.


  • edited September 2019

    Can someone PM a hint for user? I was able to get the i**** dump but have no idea what to search for. I feel like I am overthinking / missing something about the needle...

    edit: got user thanks to tip for port 80

    edit2: anyone DM me for hints on getting into k****. I found the CVE with the tips but just not able to get it to trigger. NVM, was totally overthinking it...

  • Am stuck on pivoting to k***** user - pretty sure I am executing the L** from the right place with right syntax - no result :-( Would appreciate a DM with some pointers ..

