Haystack

11719212223

Comments

  • Need help on root, newbie with privesc, please PM me

  • Could someone give this noob another nudge via dm? I see the three c*** files - figured out syntax via the online debugger. Struggling with how to trigger or what to input...

    NotSmartEnuf

  • edited September 2019

    Can someone help me with the root, please? I am getting '{"statusCode":400,"error":"Bad Request","message":"\"apis\" is a required param."}' error everytime I try to use the exploit.

  • So I am the k****** user and saw something in this thread about l*****h and gk. Found the l*****h file in the /e/ directory, with the three c****.* files, found a potentially interesting URL with information on the internet, but am now stuck on what to do next. Is somebody able to help me/give me a nudge/talk me through the process?

  • edited September 2019

    hmm so far i got user and on the way to root. I don't know how to go on from the user obtained in the user part. Can someone PM me for me for help?

    Edit: got K***** now and going on to root...

  • edited September 2019

    okay been K***** for a while now and I am RTFM for the 3 files but I am clueless on how this helps..

    Edit: I think I am on the right track but don't want to post any spoilers if someone wants to DM me to confirm?
    Edt2: Once again over thinking. I am 99% there (my reverse shell keeps failing with ambiguous redirect)
    Edit3: tried a different reverse shell and ROOT! hardest machine for me yet, but I learned a lot!

  • Ok, i have the text un spanish and i Talk spanish but cant figure out the user and password . If anyone could help me i Will be so gratefully.

    Sorry for bad english
  • edited September 2019

    finally rooted !!

    User was easy but root was really hard for me.

  • finally rooted

    Hints:
    user: dump
    root: l*******

  • I need help for user.
    I have no idea how to get the database.

  • Type your comment> @RandomPerson00 said:

    I need help for user.
    I have no idea how to get the database.

    Check ports

  • edited September 2019

    Type your comment> @rholas said:

    Type your comment> @RandomPerson00 said:

    I need help for user.
    I have no idea how to get the database.

    Check ports

    I should have been more specific. My mistake.
    I have the port I just don't know how to properly interact with it.

    Edit: I got user.

  • edited September 2019

    Rooted.

    Nudge: Read & understand the necessary conf files then try to create a file with the payload in the 'target' dir, then rest and sip some coffee. ;)

    ...but first, have some basics about Logstash.

    https://logz.io/blog/logstash-tutorial/
    https://logz.io/blog/logstash-grok/
    https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html

    Happy Hacking! :)

  • Type your comment> @ivnnn1 said:

    I'm stuck at se*****y user, found the CVE, but I receive this when I try:

    {"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"request [/ai/c*****e/ai_s**er] contains unrecognized parameters: [ap],

    Any hint?

    Check your port. It's not 9200.

    Deleite

  • Is it worth it to pay for VIP? The servers seem useless at the free level. I've had one login over ssh that immediately froze and about 37 other attempts that timed out. My time is being wasted here, even after solving the "riddle".

  • Finally rooted this box, figuring out the syntax for the last step of root was a roller coaster.

    Y3llowMustang
    A+ | Net+ | Sec+ | Server+ | CySA+ | PenTest+ | CASP+

  • Fun but certainly a challenging box. By all means drop a dm if you want a hint

  • Finally rooted.

    One of trickiest machines I've done in HTB.

    My tips for root:

    • In my case the execution of the 'comando' didn't work because of quotes.
    • The logstash input process is self triggered.
    • Sometimes if you create more than one file the trigger is faster.

    PM if need more hints.

    Deleite

  • Stuck on last part. Got k****a and found the three files. Managed to parse the g**k filter but not sure about payload in l******h_ file? Am I on the right track, DM a nudge if poss :)

    psyc0n

  • edited September 2019
    that was funny =) got root while reading forum for hints, cause the file didn't trigger. seems i was doing everything right way.... just wonder why it didn't trigger after 10 sec first time? EOF?

    edit: read couple of comments before to answer my question. and this http://grokdebug.herokuapp.com might be helpful
    edit: the debugger will tell you multiple lines are ok, but it's not. it has to be one line and newline in the end
  • Got user but trying to get root. I know I need to do some priv escalation to a certain user and use that to exploit a certain vulnerability for l******* I think? If you have any tips or hints, a PM or comment would be much appreciated!

  • Got it. Thanks a lot @FredHappyface for the help. Thanks to @deleite too :smiley:

  • Root dance - Thanks to @v01t4ic & @saminskip for the nudge on root :)

    Root tip - On the final step "Stick to one line"...

    psyc0n

  • edited September 2019

    Someone can help me in PM with the user ?
    I figured out the clue to port 80, but I can't find anything on the db.

  • ela*********h 6.4.* is this a rabbit hole
    am trying to get my first rev shell

  • Please anyone nudge for process after security user. Can not find any way to escalate to K user then to root. Spent the whole night only to bypass user. Found the cve but how to relate kibana hosted at localhost when all conf files are read only? Thanks in advance

  • Type your comment> @deleite said:

    Finally rooted.

    One of trickiest machines I've done in HTB.

    My tips for root:

    • In my case the execution of the 'comando' didn't work because of quotes.
    • The logstash input process is self triggered.
    • Sometimes if you create more than one file the trigger is faster.

    PM if need more hints.

    Thank you, this saved me... found out what needed to be done pretty quickly but spent hours trying g**k statements.

    Thanks for the box @JoyDragon. Learned alot that, to me, was useful in more then one way since we will be using ELK at work soon :+1:

  • Type your comment> @deleite said:

    Finally rooted.

    One of trickiest machines I've done in HTB.

    My tips for root:

    • In my case the execution of the 'comando' didn't work because of quotes.
    • The logstash input process is self triggered.
    • Sometimes if you create more than one file the trigger is faster.

    PM if need more hints.

    Congrats mate :)

  • @Y3llowMustang said:
    Finally rooted this box, figuring out the syntax for the last step of root was a roller coaster.

    Big up buddie! :)

  • Type your comment

Sign In to comment.