Haystack

1171819202123»

Comments

  • Is it normal that the k***** service is not running ? Then I checked the k**** logs : "Another instance of K***** may be running!"

    Forbidden access to the service from outside doesn't mean that it's not running.

    Hack The Box

  • dang need hint on user, dumped all from elastic, searched for key, cant puzzle it together, not great at this CTF thing :)

    ntroot

  • Type your comment> @qmi said:

    @andresitompul said:

    How did you figure out the username if you don't know the password? B/c it's in the same data dump but a little above. Did you get a spoiler?

    i did a python script to check each default username.
    and one of may tested username its valid.. thats it.

    I see.

    i dont know how to dump the database.

    any clue ?

    You may need to use an extension to ELK which enables you to view data using SQL queries. You will see tables, columns and finally data dump by the help of the good old cURL.

    does the ssh port forwarding also work on this machine without password ?

    No. You will need to have SSH user/password.

    i already have the sec login ssh and got user.txt
    but no idea for getting the root.

    how ?

  • Type your comment> @rfalopes said:

    Type your comment> @BT1483 said:

    Type your comment> @rfalopes said:

    Why wen i run the exploit from scrity to k**a*a, some times works, sometimes dont?

    Yes, the exploit is a bit flaky, I think it has to do with other people using it at the same time. Keep trying, it DOES work as described.

    @rfalopes said:
    Hello, Im ki**na, any tip to get root?

    Ponder why the ELK stack has that name, and which letters you have already used so far. Read a bit up on that third part of the trinity. Then figure out what it does on this box and do something quite similar to what you've done before.

    Yes i know... Now i need do make a priv. esc. using the Lostah... And i find the CVE-2017-170 but i dont know how to use it :/

    same me too.. i dont know how to upload the exploit.. the wget command is not there, tried curl as well to upload the exploit, but it doesnt work.

  • edited October 2019

    Type your comment> @andresitompul said:

    same me too.. i dont know how to upload the exploit.. the wget command is not there, tried curl as well to upload the exploit, but it doesnt work.

    You have already shell access to the machine, I assume? So no need to work from remote.

    No nano or vi? No problem. There are other ways to get text into a file. After all, you can't (sensibly) edit anything in /proc either, yet there are ways to change the content of the stuff in there. This of course just being an example, you don't need to mess with the contents of /proc on this box!

    Also, please try to correctly attribute your quotes, this one ain't from me.

  • @andresitompul said:

    i already have the sec login ssh and got user.txt
    but no idea for getting the root.

    how ?

    It was hinted in this forum before: there is an LFI vulnerability in this version of Kibana. Try to search for it on the web, you can elevate from sec****y account privileges to kibana user account first, from there you can craft a reverse shell and from there work your way to root.

    Regards,
    qmi

  • edited October 2019

    I was able to switch to k***** once. but the second, when I tried to understand how I did it, I couldn't reach the corresponding port. :) I wish I had continued my first attempt at root: D

    *Edit: After post Finally rooted (:

  • I used dirbuster on the ip and found the /b*** directory but now what? Can someone please help me :((

  • Spoiler Removed

  • Hey guys, stuck on get the k***** user.
    Tried everyrthing, would love someone help on PM.

  • Type your comment> @toumie2 said:

    I used dirbuster on the ip and found the /b*** directory but now what? Can someone please help me :((

    You don't need special tools for this. Try to understand what app answer you on high port. Then just RTFM and this thread again.

  • Type your comment> @petruknisme said:

    Type your comment> @Sav said:

    Type your comment> @vmonem said:

    I am able to read qu*s and bk from port 9200 but can't figure username, or the needle. (I also got data from port 80, and translated it).

    Any Hints on PM will be appreciated.

    I m on the same boat, did you get any further??

    You will notice the strange things in there. Just focus and becarefull when reading that.

  • This box was my first ever real attempt. Thanks to all for the hints in here.

    Successfully owned root!

    Arrexel

  • this is my first HTB! A bit more challenging than I expected.

    Can i get a nudge/PM for root? I currently have a shell as K*** and i see a certain L***H input file/dir that looks promising but not sure what to do with it.

    TIA, have a great day!

  • Type your comment> @initinfosec said:

    this is my first HTB! A bit more challenging than I expected.

    Can i get a nudge/PM for root? I currently have a shell as K*** and i see a certain L***H input file/dir that looks promising but not sure what to do with it.

    TIA, have a great day!

    Ponder what L....H is. What is is used for? What would you expect such a thing to do? Where would you expect configuration for it? Read that. Find out what it means that you see in there. Google the things that are configured and find out what they do.

    It becomes quite clear quite quickly that way.

  • edited November 2019

    I've got an initial user foothold but having trouble changing user from there using found CVE, wondering if I'm even going the right direction. Any pointers via PM would be most welcome.

    Edit: ...and rooted. Feel free to PM me for a hint!

  • This was a fun box. Definitely a layered approach to gaining root! Nothing to add other than what's already been said in the line of hints.

  • Finally got root. For me the number of browser tabs to close when done is a decent measure of difficulty. 14 tabs at the end of this one. Not bad! ;-)

    Hints are good - lots of discussion. I will say the syntax for the final challenge bugged me - I guess there are some things I don't care to learn - but renaming the file after modifying and waiting was key. Seemed like the shell came out of nowhere while I was trying other things. Reflecting on the steps - I can see how the spanish adds some confusion/misdirection I could've done without. It was a worthwhile challenge but I'm happy to put this one behind me.

    PM for nudges.

  • First ever box i got rooted here (out of the school lab) I can say it is a mind fuck in the beginning. That's why I will try to give a hint without spoiling anything.

    User: I would really take a look at that pic. I mean the name of the box suggests that this picture is not there by accident. So take a look at it. BTW jpgs can be opened with other programs so give it a try. After that enumerate to find some creds that will be really helpful. Also the language in this box is of big importance. PMs are welcome.

  • I don’t even see the code. You get used to it. All I see is blond, brunette and red-head...

  • Type your comment> @BT1483 said:

    Type your comment> @initinfosec said:

    this is my first HTB! A bit more challenging than I expected.

    Can i get a nudge/PM for root? I currently have a shell as K*** and i see a certain L***H input file/dir that looks promising but not sure what to do with it.

    TIA, have a great day!

    Ponder what L....H is. What is is used for? What would you expect such a thing to do? Where would you expect configuration for it? Read that. Find out what it means that you see in there. Google the things that are configured and find out what they do.

    It becomes quite clear quite quickly that way.

    rooted, thank you!

  • Def could use a nudge if any one is willing. DM and I can give an outline of what I have done / where I am at.

  • edited October 2019
    I figure it out what model and port is using what's next? Can help me?
  • edited October 2019

    OK, I am really struggling at the last hurdle here.

    I have a k****a shell. I am in o**/k****a. I am creating a file l******h_* with a reverse shell. I thought that this would be parsed by G********A:c*****o and would be executed.

    Where am I going wrong? Help

    EDIT: Decided to try just one more thing. Got root at last. Happy.

  • Really, if that was a easy box, I am Elvis Presley... I had to read a lot until find the way to root, the user was tricky during WEEKS.... I can not imagin how will be a hard machine.... bufff

  • Well, it didn't really contain any rabbit holes, the exploits did return information that allowed you to see whether they work (mostly... ok, one didn't always), it was usually one step only to gain the elevated privileges...

    Yes, it's an easy box. It's at the very least more an easy box than Safe is.

Sign In to comment.