Haystack

1568101123

Comments

  • edited July 2019

    Removed

  • Type your comment> @too55s said:
    > Tough box. The three files and the Ejecutar space are killing me.

    Just follow the G**k and you will be safe.

    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/3837

  • > @Refenn said:
    > Type your comment> @petruknisme said:
    > > Type your comment> @Sav said:
    > > > Type your comment> @vmonem said:
    > > > > I am able to read qu*s and bk from port 9200 but can't figure username, or the needle. (I also got data from port 80, and translated it).
    > > > >
    > > > > Any Hints on PM will be appreciated.
    > > >
    > > > I m on the same boat, did you get any further??
    > >
    > > You will notice the strange things in there. Just focus and be careful when reading that.
    >
    > It seems like they have difference...And this difference confuses me...
    > Or (I'm not sure) I should pass with those somewhere..?

    If you confuse reading that file with editor, try to use json beautifier and then look at the strange things :)

    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/3837

  • need some hints for the haystack.
    try many methods. any bits of advice?

  • Type your comment> @petruknisme said:
    > If you confuse reading that file with editor, try to use json beautifier and then look at the strange things :)

    No, I mean I'm confused with pass. The user is ok, but when I try to use some algorithms to pass, it becomes very strange.
  • edited July 2019

    Type your comment> @Refenn said:

    Type your comment> @petruknisme said:
    > If you confuse reading that file with editor, try to use json beautifier and then look at the strange things :)

    No, I mean I'm confused with pass. The user is ok, but when I try to use some algorithms to pass, it becomes very strange.

    It's the same. If you can find the user, the pass is near from that. And if you can reveal the user, i think you can reveal pass too. I hope I'm not spoling this.

    If you appreciate my help, please give +1 respect https://www.hackthebox.eu/home/users/profile/3837

  • Hey everyone,
    I found the low port "needle" and found the high port "user", decrypted both and I am stuck. I am searching the json files b* and q* like a madman but don't seem to find the last piece of the puzzle. I really need a pointer into the right direction.

    habtek

  • sometimes the privesc for k**** user works with reverse shell but sometimes doesn't work. Is it normal? i'm tired for trying 100 times for one shell. Help pls

  • Hi,

    didn't read all the post. I'm starting with the box and found an exploit for e***********h called e***********h shell, am i on the right path?

  • Type your comment> @sh4rk said:

    sometimes the privesc for k**** user works with reverse shell but sometimes doesn't work. Is it normal? i'm tired for trying 100 times for one shell. Help pls

    Try renaming your shell. I was finding that if I disconnected the shell I had to rename to get it to reconnect.

  • I've got the k******* powerup, but now I'm completely lost on where to go next, i've heard mention of three files and a service but I can't seem to find anything related to them... could anybody give me a PM with a nudge please?

    Mech

  • edited July 2019

    If any could PM me with help on getting the final stage of root I would really appreciate it. I've escalated to another user but can't figure out what to do with these conf files I found...

  • I'm having a hard time with this box. Did you guys us e*********p to get all the datas / database from the rubber band?

  • Ohh....stuck with RTFM...don't understand how to do that.
  • Having a hard time escalating to K*******a. I found a CVE but the URL they talk results in a 404? Am I on the wrong path>

  • Some people talked about something in the image/picture. Does it has anything to do with steganography?

  • @kalagan76
    Yes it will give you the hint

  • @c0b4l7 Ok, thank you.
  • edited July 2019

    Finally rooted through the pain of learning and ctfing.
    User was too strange because of non-idempotent queries' results, got it almost accidentally.
    Root was pretty nice: enumerating, learning new cool instruments and feeling euphoria from the sudden [[email protected] /]#
    Feel free to PM if your brain is in pain

  • Not going to lie. My first attempt I wrote a lengthy script that cross referenced data from one index to the other looking for clues. It was almost complete when I saw the relevant gibberish by chance.

    The second half was far more interesting and although I am familiar with the software used I was not aware of this particular bug. My hint for root is that once you have everything set up, be patient, there is a short delay.

  • edited July 2019

    Got user after finding that magic Github tool to dump the db and essential linux utilities.
    On my way to get root now :smiley:

    EDIT: stuck on getting root last step, anyone willing to give me a nudge ? Thanks
    EDIT2: got root thanks to @k0zur3 and @thegoatreich, thank you.

    IMO, the user part was nice as it was a bit of trolling, but the odd L** and the last root part was not very fun, even after looking at l******h documentation for a long time.
    Anyway, I learned a lot about ELK so thank you @JoyDragon :)

    Hack The Box

  • Found that git hub toi but still trying to figure how to dumb the db :-(
  • Type your comment> @habtek said:

    Hey everyone,
    I found the low port "needle" and found the high port "user", decrypted both and I am stuck. I am searching the json files b* and q* like a madman but don't seem to find the last piece of the puzzle. I really need a pointer into the right direction.

    same spot, please assist.

  • So got the message in the image and trawling through the indexes using curl, I did see a message now I cant @p1azm0id my brain is in pain lol any nudges welcome :)

    ”No questions a stupid question”
    <img src="https://www.hackthebox.eu/badge/team/image/1805" alt="Hack The Box">
  • @mojorisin

    it asks me for a passphrase in order to extract infos from the image. Any tips?

  • got root
    Thank you, the forum gave me a lot of help, not going in the wrong direction.

  • Mission Complete! Nice machine!

    [[email protected] ~]# id
    uid=0(root) gid=0(root) grupos=0(root) contexto=system_u:system_r:unconfined_service_t:s0
    [[email protected] ~]# ls -l
    total 8
    -rw-------. 1 root root 1407 nov 28 2018 anaconda-ks.cfg
    -rw-------. 1 root root 33 feb 6 22:12 root.txt

  • just owned user....pfff...was though :-(

  • Type your comment> @Zer0Code said:

    Done - root
    Knowledge - Spanish :lol:

    Think about people who need to translate from Spanish to English then to French :-)

  • edited July 2019

    Nice machine which made me dive into into the horny beast...
    Not CTF at all, you get what you need to search on the lower port and with just one query you get credentials - took me 5 mins..
    root I had to spend more time as I like to study the whole documentation.
    Overall fun machine.

    Macte nova virtute, puer, sic itur ad astra.

Sign In to comment.