Haystack

Comments

  • @rfalopes said:

    Why when I run the exploit from scrity to k**a*a, sometimes it works, sometimes it doesn't?

    Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.

    @rfalopes said:
    Hello, I'm ki**na, any tip to get root?

    Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you've done before.

  • @BT1483 said:

    @rfalopes said:

    Why when I run the exploit from scrity to k**a*a, sometimes it works, sometimes it doesn't?

    Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.

    @rfalopes said:
    Hello, I'm ki**na, any tip to get root?

    Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you've done before.

    Yes I know... Now I need to make a priv. esc. using the Lostah... And I found the CVE-2017-170 but I don't know how to use it :/

  • Yes I know... Now I need to make a priv. esc. using the Lostah... And I found the CVE-2017-170 but I don't know how to use it :/

    You're thinking way, way more complicated than it is.

    Take a look at what l******h is doing.

  • Can someone please PM me how to escalate from Ki*****ana user to root. Can't understand how to use lo******sh for that...

  • edited October 2019

    This box is infuriating. I have spent days looking at files and installation methods on the ELK, and read all 22 sections of this forum, and nothing. I have enumerated the box and found nothing but rabbit holes in the various installation paths available and read some more on what was in there. Then another user pointed me in a direction that again yielded another infuriating path that I thought was utilizing the method to gain initial user. I know I need to p*** to k***a but ffs I don't see it. Any direction would be greatly appreciated.

  • edited October 2019

    Got shell with k******a
    Creating l****h_* files (for shell)
    files are gone after minutes, but nothing... any help?

    Update!
    Found! It's all in the spacings...

  • Rooted. The user was fun... Wasn't really a fan of getting the root. I don't think this was an easy box. Thanks to everybody for all the hints and the links provided.

  • got user. that was very fun!! there is an incredibly useful tool for user! PM me if you need a hint

  • Hello, I'm having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven't found anything pertaining to a username. Any help is greatly appreciated.

  • @binaryfigments said:

    Got shell with k******a
    Creating l****h_* files (for shell)
    files are gone after minutes, but nothing... any help?

    I'm at the same point, please, could someone PM

  • Hello, I'm having a lot of trouble finding the username. I have the database and found the password, but have been translating for hours and haven't found anything pertaining to a username. Any help is greatly appreciated.

    If you have found the needle, just search for it. There are only 2 matches

  • Rooted the box with the help of the comments here. Can someone message me what enum I had to run / check to find the l***** user? Got more or less spoiled and skipped that enum ...

  • Stuck with 2 messages, 1 from pic and the other sql query with tons of Spanish. Can someone provide me some hints on this machine?

  • edited October 2019

    Stuck on getting root. I know where to put the file but I am having problems with it. The file goes away after a few minutes but nothing happens. Can someone give me a hint?

    Never mind, I got root now.

  • Found the uh.. hidden message up front, and well done! I really like this.

    I just did a competition today and had some similar stuff so I was ready for it this time lol

  • Finally rooted! :D

    That was the hardest one I've done so far.

    Feel free to PM me if you need a hint.

  • Got root - not too bad. interesting box - good to learn about the ELK stack. Enjoyed root - good stuff - learnt some things.

  • PM for nuggets

  • edited October 2019

    Thanks @NieruHawic for the assistance on the last few steps!! Rooted!

  • I only got as far as doing your basic scans like every other box. I used my steg skills to get a message from the picture, but I don't know where to go next. Could someone help me please? Feel free to shoot me a PM. Thank you!

  • I'm stuck with the root, any hints going from user to ki***a ?????

  • Guys, I need a nudge. I dumped all the data from the high port in the /b*** and /q***** but found nothing, please nudge me :)

  • @PwrZer0 said:

    Guys, I need a nudge. I dumped all the data from the high port in the /b*** and /q***** but found nothing, please nudge me :)

    Look further in the bits of the image at 80.

    Got root!

    For anyone who is stuck in L** (empty reply from server), some hints:

    1 - Always use quotes (CURL "http://");
    2 - RENAME your .js file. Don't use shell.js or shell_1.js, rename to xpto_1233.js or another strange unique name. Really, this is a save point!

    Any nuggets, PM ME! I'll appreciate helping!

  • Rooted. If you have some trouble, PM me.

  • I'm in the final step but it cannot receive a shell from target. I changed the conf of l*****, but it didn't work. So plz PM.

  • Can anybody help me in PM. I uploaded my shell, but I cannot trigger it, I tried ssh pivoting and curl from inside but still no luck

  • Is it normal that the k***** service is not running? Then I checked the k**** logs: "Another instance of K***** may be running!"

    Thanks

  • Finally ROOTED!! PM me if you meet problems.
