Haystack

Comments

  • wtf, did someone actually delete user.txt?

    S1ph1lys

    We are the things that were and shall be again

  • @petruknisme said:

    > It's the same. If you can find the user, the pass is near from that. And if you can reveal the user, I think you can reveal pass too. I hope I'm not spoiling this.

    Aw....I've just found another string that was similar to pass. Now I found it, and on the way to root.

  • edited July 2019

    I have a key, I have a pass, I also have a fried brain. Any nudges on the next step for user and root welcome?

    Also, anyone finding the host down a lot?

    ”No questions a stupid question”
  • I am stuck with the priv esc to root.
    Anyone can PM me with some hints/nudges?
    Nearly there I think. :smiley:

  • edited July 2019

    I know I can talk to the stretchysearch using c***. I've enumerated all the indices. I've translated all the text and read everything in detail, as I know the needle in the haystack is key...

    I'm totally lost now, I've tried a few different scripts to help enumerate/dump the entire DB, but can't get them to work. Could do with some pointers here anyone, please :smiley:

  • Can I get some help on user? I've been using the "rubberband" and I've used _search on b*** and q***** but haven't found anything useful.

    slimz28

  • @slimz28 said:

    > Can I get some help on user? I've been using the "rubberband" and I've used _search on b*** and q***** but haven't found anything useful.

    Same here - feel like I am as far as I can go without some direction please!

  • @slimz28 said:

    > Can I get some help on user? I've been using the "rubberband" and I've used _search on b*** and q***** but haven't found anything useful.

    DM I can help a little

    ”No questions a stupid question”
  • @mojorisin said:

    > @slimz28 said:
    >
    > > Can I get some help on user? I've been using the "rubberband" and I've used _search on b*** and q***** but haven't found anything useful.
    >
    > DM I can help a little

    Haha as soon as I commented, I tried something and that gave me what I needed to uncover the username/passwd. :)

    slimz28

  • Hey everyone,

    I'm looking for help getting root. Found some things that I'm exploring but can't really narrow a path to a privesc down.

    Salsa
    OSCP | GCIH | SEC+

  • @slimz28 said:

    > @mojorisin said:
    >
    > > @slimz28 said:
    > >
    > > > Can I get some help on user? I've been using the "rubberband" and I've used _search on b*** and q***** but haven't found anything useful.
    > >
    > > DM I can help a little
    >
    > Haha as soon as I commented, I tried something and that gave me what I needed to uncover the username/passwd. :)

    Have you got near root yet? If you have, could you give me a nudge? I have user :smile:

    ”No questions a stupid question”
  • I'm on the box trying to priv esc to K. Super stuck here, could someone give me a nudge please? I read something about an LFI, but is this the only way?

  • Got user... but for root, I am trying to use the L**-vulnerability. When I use it the server only "chews". No matter if I include a reverse shell or a textfile. Isn't this the severity we are supposed to use?

    Running for OSCP

  • Read up on how l******h handles log files.
  • Phew, finally rooted. Don't overthink the privesc like I did. Look at what you have, consult the documentation to understand what's going on, google around for some good resources, and then use a debugger to your advantage. PM me if you're stuck and need a nudge in the right direction. Special thanks to @thegoatreich for the assist.

    b1gbroth3r

  • edited July 2019

    Just got root, as @nergalwaja says, don't overthink it. Just connect the dots.
    Special thanks to everybody who gave me a nudge in the right direction. Looking to pay it forward, PM me if stuck or in need of hints. :smiley: Good luck.

  • jeez, i'm getting a raw patch on my head from scratching it so hard. user was...meh. nice puzzle but i prefer more "real world" boxes. i know what i need to do after getting user, it's just i can't figure out how. i know what to upload and was looking into a specific CVE but i can't figure out how to execute it. looking through the documentation (which is pretty bad in my opinion, just my 2 cents) didn't get me any further, can anyone point me in the right direction on what to read up on? i'm stuck

  • When trying the K***** exploit, i'm getting a status 400 unrecognised parameter error - can someone nudge me on what I'm doing wrong here?

  • edited July 2019

    Ok I'm stupid.


  • rooted. Learned a lot about l******h, especially g**k.
    All hints have been already mentioned. If I have to add something about priv esc, don't forget that \s means SPACE.

  • edited July 2019

    Umm, is the s* suid binary that the l******h spits out a rabbit hole?

    Yeah being stuck is being desperate :)

    S1ph1lys

    We are the things that were and shall be again

  • I have found some B**k details and some q****s ....is this a right path ...how to use this info...

  • Rooted. The final step needed patience

  • edited July 2019

    Would appreciate some help with steps after user. I have been playing with a L** for K***** but when I check ports open the port shown in /etc/k*****/k*****.yml is not running. When I try what the PoC shows on port 9*** it just errors out. Not sure what I'm missing...

    Update: Nevermind...

    slimz28

  • @wish said:

    > I have found some B**k details and some q****s ....is this a right path ...how to use this info...

    i have same question with you, any hints? thanks

  • If you're stuck, you can PM me.

    fasetto

  • edited July 2019

    Can someone PM me on how to get the user k?

    Tried enumerating, running pspy and even looking at online documentation.

    Found a CVE but unsure how to get the syntax right

    Cheers

  • I quite liked user, I learned a few new words :-).

    Root was believable... kinda.

    Good box.

    da1y

    OSWE | OSCP | eCPPTv2

    I rarely check private messages, if you do ask for help, show your workings. I don't reply to wall posts.

  • @Nick said:

    > @wish said:
    >
    > > I have found some B**k details and some q****s ....is this a right path ...how to use this info...
    >
    > i have same question with you, any hints? thanks

    nothing yet........
