Why wen i run the exploit from scrity to k**a*a, some times works, sometimes dont?
Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.
@rfalopes said:
Hello, Im ki**na, any tip to get root?
Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you've done before.
Why wen i run the exploit from scrity to k**a*a, some times works, sometimes dont?
Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.
@rfalopes said:
Hello, Im ki**na, any tip to get root?
Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you've done before.
Yes i know... Now i need do make a priv. esc. using the Lostah... And i find the CVE-2017-170 but i dont know how to use it
This box is infuriating, I have spent days looking at files and installation methods on the ELK, and read all 22 sections of this forum and nothing. I have enumerated the box and found nothing but rabbit holes in the various installation paths available and read some more on what was in there. Then another user pointed me in a direction that again yielded another infuriating path that I thought it was utilizing the method to gain initial user. I know I need to p*** to k***a but ffs I don't see it. Any direction that would be greatly appreciated.
Rooted. The user was fun... Wasn't really a fan of getting the root. I don't think this was an easy box. Thanks to everybody for all the hints and the links provided.
Hello, I'm having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven't found anything pertaining to a username. Any help is greatly appreciated.
Hello, I'm having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven't found anything pertaining to a username. Any help is greatly appreciated.
If you have found the needle, just search for it. There are only 2 matches
Rooted the box with the help of the comments here. Can someone message me what enum I had to run / check to find the l***** user ? Got more ore less spoiled and skipped that enum ...
Stuck on getting root. I know where to put the file but i am having problems with it. The file goes away after a few minutes but nothing happens. Can some give me a hint.
I only got as far as doing you basic scans like every other box, I used my steg skills to get a message from the picture, but I don't know where to go next. Could someone help me please? Feel free to shoot me a pm. Thank you!
Guys i need a nudge I dumped all the data from high port in the /b*** and /q***** but found nothing please nudge me
Look further in the bits of the image at 80.
Got root!
For anyone is stuck in L** (empty reply from server). Some hints:
1 - Use quotes ever (CURL "http://");
2 - RENAME your .js file. Don't use shell.js or shell_1.js, rename to xpto_1233.js or another strange unique name. Really, this is a save point!
Comments
Type your comment> @rfalopes said:
Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.
Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you've done before.
Type your comment> @BT1483 said:
Yes i know... Now i need do make a priv. esc. using the Lostah... And i find the CVE-2017-170 but i dont know how to use it
You're thinking way, way more complicated than it is.
Take a look at what l******h is doing.
Can someone please PM me how to escalate from Ki*****ana user to root. Cant understand how to use lo******sh for that...
This box is infuriating, I have spent days looking at files and installation methods on the ELK, and read all 22 sections of this forum and nothing. I have enumerated the box and found nothing but rabbit holes in the various installation paths available and read some more on what was in there. Then another user pointed me in a direction that again yielded another infuriating path that I thought it was utilizing the method to gain initial user. I know I need to p*** to k***a but ffs I don't see it. Any direction that would be greatly appreciated.Got shell with k******a
Creating l****h_* files (for shell)
files are gone after minutes, but nothung... any help?
Update!
Found! Its all in the spacings...
Rooted. The user was fun... Wasn't really a fan of getting the root. I don't think this was an easy box. Thanks to everybody for all the hints and the links provided.
got user. that was very fun!! there is an incredibly useful tool for user! PM me if you need a hint
Hello, I'm having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven't found anything pertaining to a username. Any help is greatly appreciated.
Type your comment> @binaryfigments said:
I,m in the same point, please, someone could PM
If you have found the needle, just search for it. There are only 2 matches
Rooted the box with the help of the comments here. Can someone message me what enum I had to run / check to find the l***** user ? Got more ore less spoiled and skipped that enum ...
Stuck with 2 messages, 1 from pic and the other sql query with tons of Spanish. Can someone provide me some hints on this machine?
Type your comment
Stuck on getting root. I know where to put the file but i am having problems with it. The file goes away after a few minutes but nothing happens. Can some give me a hint.
Never-mind I got root now.
Found the uh.. hidden message up front, and well done! I really like this.
I just did a competition today and had some similar stuff so I was ready for it this time lol
Finally rooted!
That was the hardest one I've done so far.
Feel free to PM me if you need a hint.
Got root - not too bad. interesting box - good to learn about the ELK stack. Enjoyed root - good stuff - learnt some things.
Type your comment
PM for nuggets
Thanks @NieruHawic for the assistance on the last few steps!! Rooted!
I only got as far as doing you basic scans like every other box, I used my steg skills to get a message from the picture, but I don't know where to go next. Could someone help me please? Feel free to shoot me a pm. Thank you!
I'm stuck with the root, any hints going from user to ki***a ?????
Type your comment> @PwrZer0 said:
Look further in the bits of the image at 80.
Got root!
For anyone is stuck in L** (empty reply from server). Some hints:
1 - Use quotes ever (CURL "http://");
2 - RENAME your .js file. Don't use shell.js or shell_1.js, rename to xpto_1233.js or another strange unique name. Really, this is a save point!
Any nuggets, PM ME! I'll appreciate helping!
Rooted. If you'll have some trouble, PM me.
I‘m in the final step but it can not receive a shell form target. I changed the conf of l*****, but it didn't work. So plz PM.
Can anybody help me in PM. I uploaded my shell, but I cannot trigger it, I tried ssh pivoting and curl from inside but still no luck
Is it normal that the k***** service is not running ? Then I checked the k**** logs : "Another instance of K***** may be running!"
Thanks
Finally ROOTED!! PM me if you meet problems.