Haystack

Type your comment> @fuZZynat0r said:

User: you should properly not safe your user and pwd in a public DB.

Hey it was encoded! :lol:

Rooted, do not hesitate to send me messages for help. I will give you some advice to continue working on this box.

User

Do not look too far, the image in port 80 can help you later. Once you have found something interesting, you need to find a way to search for what you find in port 92**.

Root

The root is not very complicated there is a service that works locally, I advise you to find out about this service on google and see this version. You must then see the services running as root for changes.

I hope it’s not spoil. If you have any questions do not hesitate to contact me.

listening on [any] 4445 …
connect to [10.10.15.231] from haystack [10.10.10.115] 42512
bash: no hay control de trabajos en este shell
[root@haystack /]#

Gotta say, that was kinda hard. It helps to know a little bit of elastic in order to get there.

People have given enough hints for user. It truly is a needle in the haystack, and finding the haystack should be easy.

For root, you’re gonna have to pivot from the initial shell to another user somehow. Think about what’s running on the box and if it’s vulnerable to a documented exploit. If it doesn’t work the first time, don’t get discouraged. Literally move your things around and try again.

From there, think about what’s running as root. Enumerate what you’re allowed to do as this user that you weren’t allowed to do as the last. Read closely, don’t skip over anything. Think about how it’s configured.

Type your comment> @cr7thehacker said:

Found a password in the DB! But no idea where to use it. Is it S**?

If there is a pwd in the db… i guess there could be a username not far from it.

I am on the last step. I found some configuration I can change but i can not interact with the service. can anyone PM me pls?

Hey folks, I got the message from port 80, but didn’t gett the hint :(, and also Can anyone tell me what is this DB thingy you guys are talking about? appreciate a little help.

When I saw “haystack” I had a feeling it would be a little too CTF for my taste. User was irritating because I thought I was pulling everything when I was only pulling about 10 records or so. Nobody’s fault but my own. When I got that root was pretty fun. I didn’t know much about the ELK stack so this was a great learning experience. Thanks for this!

Can someone PM me? I’m pretty sure I’m very close on the syntax for dumping the info we need but I keep getting errors and am not sure what part of my command is going wrong.

User is awful. Root is nice

Type your comment> @phat said:

I am on the last step. I found some configuration I can change but i can not interact with the service. can anyone PM me pls?

You don’t have to change config. Learn about l******h, how it works

Ok, got the root but not sure how. :smiley:

Done - root
Knowledge - Spanish :lol:

@Zer0Code could I PM you? I’m struggling with the last part of root
Edit: nvm got root.

Spoiler Removed

I can search things across all indices and return more than the default but cannot find the needle. What is the hint being talked about in website? I have looked at the metadata and didn’t see anything. Maybe if I could find the hint it could help me.

Type your comment> @fals3s3t said:

I can search things across all indices and return more than the default but cannot find the needle. What is the hint being talked about in website? I have looked at the metadata and didn’t see anything. Maybe if I could find the hint it could help me.

uh never-mind on the hint. I needed to look a little closer.

Is there something in the image that I’m missing?

@Pa1m0n said:

Is there something in the image that I’m missing?

Yes

Type your comment> @0MN1p073n7 said:

Type your comment> @scottrainville said:

I’ve dumped the entire database and so far found nothing useful.

Dirscanned the sites by IP and hostname, zero results and seems like no virtualhost routing. Haven’t found any software commonly exploitable.

Should I just keep looking at the database? I’m hoping I don’t have to copy/paste and translate all that spanish.

EDIT: Got it. Just need to find a username.

same. Got anything on the username?

I’m in the same boat. HINTS PLZ

Type your comment> @Moosie said:

Type your comment> @0MN1p073n7 said:

Type your comment> @scottrainville said:

I’ve dumped the entire database and so far found nothing useful.

Dirscanned the sites by IP and hostname, zero results and seems like no virtualhost routing. Haven’t found any software commonly exploitable.

Should I just keep looking at the database? I’m hoping I don’t have to copy/paste and translate all that spanish.

EDIT: Got it. Just need to find a username.

same. Got anything on the username?

I’m in the same boat. HINTS PLZ

i gave some hints before.
make a quick googling on what that high port is used for. find the applications name and google how to talk to it. it is well documented.
when you´ve found some document, try to find how you can extract data from it. it will have something called _x… thats what you want to utilize to make your query.
you will need to SELECT right command with _x…/s…