Haystack

1235723

Comments

  • Type your comment> @ismailyavuz said:

    Type your comment> @Vex20k said:

    I can only seem to find "s******y", but not the password. I managed to dump all the data, should I keep looking within this data?

    Username is not far away from password :) Look at the data carefully.

    Found! I think I re-read the entire dump like 3-4 times until I finally found it :)

    Vex20k

  • Need HINTS pls DM me!

  • Just got user, wow that was interesting. Looking back I enjoyed it! Frustrating at times, but that's the area we work it.

    Onto root.

  • edited July 2019

    I am on the last step to root. I found out what to do but cant trigger the event . Any hints?
    Edit : Got shell but dont know if someone else triggered it

    OSCP

  • I have some doubts on this? Can i pm some1 who has already got root?

  • any nugde for root ? I enumerate i think most of yml and process but no luck so for..

  • I'm with @humurabbi ... got root but not sure if I triggered it the right way or if someone else did. I tried to redo the steps and follow the process with pspy64 but the machine is a bit unstable with everyone running the exploits on it on eu-free . I think I did it right but would love a confirmation if someone just wants to drop me a PM and tell me what is the last command they used to trigger I would really appreciate...

  • How to stop getting the broadcast?

  • Any hints for root?

  • While privesc, is it possible to switch to the user k***** without causing a denial of service?

  • stuck on the root, anyone with nice hints DM me please :D

    OSCP
    el3ctr0

  • edited July 2019

    need help with root DM ME pls

  • Can someone PM me, trying to get LFI to work. Want to make sure I'm on the right path.

  • Can someone pm me for root.I think i'm on last step k****a l**s***h

  • Hmm. Still struggling with root. I think that I already created what is needed to get shell, but it's not being executed. Any help will be appreciated.

    PP

  • hello guys, how do we get into the machine ? i see ssh open, do we bruteforce it ? THANKS!

  • edited July 2019

    I have user and have gotten myself my initial foothold as s*******. For root I have tried enumerating the system and have found K***** but am having trouble finding the next step. If someone could PM me I'd be very appreciative! I will edit this post if I solve it, so if I've not edited it then I am still stuck.

  • do you guys bf ftp ? thanks!

  • Spoiler Removed

    Hack The Box

  • Hi guys... can i have a helping hand here? I have managed to find what's on port 80 and have found the 4 indices on ES but not too sure where you guys have found the username needed?

  • anyone with hint for the root?

    OSCP
    el3ctr0

  • Any hints on whats next after decoding the base64 and finding the message ?

    Hack The Box

  • Type your comment> @hxmo said:

    Any hints on whats next after decoding the base64 and finding the message ?

    log in and kill the user 😁

    OSCP
    el3ctr0

  • Type your comment> @el3ctr0 said:

    Type your comment> @hxmo said:

    Any hints on whats next after decoding the base64 and finding the message ?

    log in and kill the user 😁

    :open_mouth:

    Hack The Box

  • @hxmo make sure you enumerate the box. From there you will find the next step.

  • Type your comment> @zac777 said:

    @hxmo make sure you enumerate the box. From there you will find the next step.

    yeah im sure ive enumerated all, the encoded message was actually the last thing i found after enuming everything possible - will need to go back to the box and see what i can think of that message meaning

    Hack The Box

  • edited July 2019

    Does anyone else have an issue with reconnecting the shell as k*****? If I try to get a more interactive shell or close it by mistake, rerunning my LFI doesn't reestablish the connection.

    EDIT: resetting the box helps, but not ideal

    changing the name over your s****.j* allows the connection to reconnect.

  • can anyone help me for user?

    ghroot

  • What a box! Getting root shell was the best part and yes, Trying Harder works!!

  • Rooted.
    For user: read docs and play with the query :smiley:
    For root: you need to become banana first :anguished:

Sign In to comment.